last executing test programs: 4m28.15666621s ago: executing program 2 (id=87): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r0, &(0x7f0000000040)={0xa, 0xfffd, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x4}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x23, &(0x7f0000000200)=0xfffffffc, 0x49) 4m27.970260298s ago: executing program 2 (id=91): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000038c0), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000001440)={'ip6erspan0\x00', 0x2}) ioctl$TUNGETVNETHDRSZ(r0, 0x800454d7, 0x0) 4m27.76876779s ago: executing program 2 (id=96): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000340)={0x23, {{0x2, 0x0, @multicast2}}, {{0x2, 0x4e22, @empty}}}, 0x108) getsockopt$inet_buf(r0, 0x0, 0x30, &(0x7f0000000340)=""/225, &(0x7f0000000100)=0xe1) 4m27.640471046s ago: executing program 2 (id=98): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000280)={0x4000}, 0x10) sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)={0x14, 0x16, 0xa01, 0x0, 0x0, {0xa, 0x0, 0x700}}, 0x14}}, 0x0) 4m27.502416243s ago: executing program 2 (id=101): r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x10) symlinkat(&(0x7f00000011c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00') 4m27.324803245s ago: executing program 2 (id=104): io_setup(0x81, &(0x7f0000000180)=0x0) r1 = open(&(0x7f0000000780)='./bus\x00', 0x14507e, 0x0) io_submit(r0, 0x1, &(0x7f0000001d00)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x8, 0x0, r1, &(0x7f0000000340)='p', 0x300}]) 4m12.219972124s ago: executing program 32 (id=104): io_setup(0x81, &(0x7f0000000180)=0x0) r1 = open(&(0x7f0000000780)='./bus\x00', 0x14507e, 0x0) io_submit(r0, 0x1, &(0x7f0000001d00)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x8, 0x0, r1, &(0x7f0000000340)='p', 0x300}]) 58.939918161s ago: executing program 3 (id=4284): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1e7d, 0x2ced, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x4, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000300)={0x2c, &(0x7f0000000100)={0x40, 0xc, 0x2e, {0x2e, 0x21, "72fefe9018e00a31e02f8626fe0110d2d374684c9c5ecc337f832164204ea20234a483c02a11e17be1ef07a7"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0}, 0x0) 57.313289683s ago: executing program 3 (id=4294): socket$inet6_tcp(0xa, 0x1, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = socket$rds(0x15, 0x5, 0x0) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r0, 0x114, 0xa, &(0x7f0000000000)=ANY=[], 0x4) 57.132437353s ago: executing program 3 (id=4296): io_uring_setup(0x17c7, 0x0) r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_pidfd_open(r0, 0x0) process_madvise(r1, 0x0, 0x0, 0x19, 0x0) 56.947431201s ago: executing program 3 (id=4297): r0 = socket$inet6(0xa, 0x2, 0x3a) setsockopt$inet6_int(r0, 0x29, 0x4e, &(0x7f0000000040)=0x1, 0x4) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0xa}, 0x1c) bind$inet6(r0, &(0x7f0000000380)={0xa, 0x0, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}}, 0x1c) 56.9125058s ago: executing program 3 (id=4298): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20) creat(&(0x7f00000005c0)='./file0\x00', 0xc9028ba210c11f8b) unlink(&(0x7f0000000540)='./file0\x00') 56.818577194s ago: executing program 3 (id=4299): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000500)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="2e003300d0000000ffffffffffff080211000000505050505050"], 0x4c}}, 0x0) 41.740453468s ago: executing program 33 (id=4299): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000500)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="2e003300d0000000ffffffffffff080211000000505050505050"], 0x4c}}, 0x0) 40.919863465s ago: executing program 0 (id=4580): r0 = io_uring_setup(0xaab, &(0x7f0000002140)={0x0, 0x40000001, 0x1000, 0x0, 0xfffffffe}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f0000000000)=[@in6={0xa, 0x4e20, 0x0, @remote, 0xa}], 0x1c) close_range(r0, 0xffffffffffffffff, 0x0) 40.592090762s ago: executing program 0 (id=4586): inotify_add_watch(0xffffffffffffffff, 0x0, 0xa4000061) r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x8, 0x5ac, 0x29f, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0xd, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x1c, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x22, 0x7, {[@local=@item_4={0x3, 0x2, 0x5, "676979e7"}, @global=@item_012={0x1, 0x1, 0x9, 'R'}]}}, 0x0}, 0x0) 40.490355636s ago: executing program 1 (id=4587): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x12, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000008850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, @cgroup_sock_addr, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10) sysinfo(&(0x7f0000001040)=""/4096) 40.462311658s ago: executing program 1 (id=4589): syz_usb_connect$cdc_ncm(0x0, 0x76, 0x0, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000000)={0x8000001, 0x1}, 0x8) close(r0) 38.857806963s ago: executing program 1 (id=4592): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000002400)=ANY=[@ANYBLOB="0100000000f2ffff73000040"]) 38.693318836s ago: executing program 0 (id=4596): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x58f, 0x9410, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x40, 0x0, 0x0, 0x3}}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0x7, {[@local=@item_012={0x1, 0x2, 0x0, 'D'}, @main=@item_4={0x3, 0x0, 0xb, "58611047"}]}}, 0x0}, 0x0) 38.614498122s ago: executing program 1 (id=4598): r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x211000, 0x1000}, 0x20) r1 = socket$netlink(0x10, 0x3, 0x400000000000004) writev(r1, &(0x7f0000019440)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80ffe0090f000060000000a2bc5603ca00000f7f89000000200000004a2471083ec6991778581acb6c0101ff0000000309", 0x48}], 0x1) 38.454049419s ago: executing program 1 (id=4600): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20) creat(&(0x7f00000005c0)='./file0\x00', 0xc9028ba210c11f8b) unlink(&(0x7f0000000540)='./file0\x00') 38.380419867s ago: executing program 1 (id=4602): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000bc0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@broadcast, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x800}}, 0xb8}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in=@broadcast, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2}}, [@mark={0xc, 0x15, {0x0, 0xffff}}]}, 0xc4}}, 0x4000000) 36.87199444s ago: executing program 0 (id=4609): r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x211000, 0x1000}, 0x20) r1 = socket$netlink(0x10, 0x3, 0x400000000000004) writev(r1, &(0x7f0000019440)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80ffe0090f000060000000a2bc5603ca00000f7f89000000200000004a2471083ec6991778581acb6c0101ff0000000309", 0x48}], 0x1) 36.666808578s ago: executing program 0 (id=4612): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20) creat(&(0x7f00000005c0)='./file0\x00', 0xc9028ba210c11f8b) unlink(&(0x7f0000000540)='./file0\x00') 36.589197503s ago: executing program 0 (id=4613): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000480), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2c, r1, 0x1, 0x70bd27, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0xc, 0x3, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x3}]}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x81}, 0x20000000) 23.324283743s ago: executing program 34 (id=4602): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000bc0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@broadcast, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x800}}, 0xb8}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in=@broadcast, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2}}, [@mark={0xc, 0x15, {0x0, 0xffff}}]}, 0xc4}}, 0x4000000) 21.371246137s ago: executing program 35 (id=4613): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000480), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2c, r1, 0x1, 0x70bd27, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0xc, 0x3, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x3}]}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x81}, 0x20000000) 2.615958727s ago: executing program 8 (id=5058): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) mremap(&(0x7f0000000000/0x9000)=nil, 0xa00000, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil) madvise(&(0x7f0000bc0000/0x400000)=nil, 0x400000, 0x67) 2.256004661s ago: executing program 4 (id=5069): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@ipv6_delrule={0x38, 0x18, 0x1, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x3}, [@FRA_DST={0x14, 0x7, @loopback}, @FIB_RULE_POLICY=@FRA_GOTO={0x8, 0x4, 0x1}]}, 0x38}}, 0x0) 2.139791705s ago: executing program 4 (id=5072): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) rt_sigaction(0x19, &(0x7f0000000000)={0xfffffffffffffffc, 0x44000006, 0x0}, 0x0, 0x8, &(0x7f0000000440)) r0 = memfd_create(&(0x7f00000006c0)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\xf2\xed\x04\x00\x00\x00\xd4N\x12\x9b\x1f\t\xd1Z+\x86T\x16\xf8\x01\x00\x00\x00\x9f+\x8d!\x0fG\xab\xc2\xdc\xa3\xb3\xae8\x9f9?\xefo\xa4k\x01\xb2>\xa1\x9c\x86xm\xe6\x9bZ4\x91\x1a\xdb\xdd\x89\xb9\xc0LF;\xd6\x84\x195\x06\x00\x00\x00~\xf3S\x12\"p^\xc1jP\x8a\xc6[\xbd\xe7q]\xdd\r\x1aZS\x01*\x1b\xfd\xbcMA\xdcq\xa1\x00\xb3\xf9\x91r\x7f\xdc\xf1\xc3G,\xdb\xccS\x15\x95b\x17\xab\xe4?\x96\x95\xa4kP\x99YO\xb8V\xd5p\x90X\xaaf', 0x0) fallocate(r0, 0x0, 0x400000000000000, 0x7) 2.032896734s ago: executing program 8 (id=5074): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0}, 0x18) r0 = socket$inet6(0xa, 0x2, 0x3a) r1 = dup(r0) bind$unix(r1, &(0x7f00000001c0)=@abs={0xa, 0x2}, 0x6e) 2.013042975s ago: executing program 4 (id=5075): set_mempolicy(0x3, &(0x7f0000000040)=0xfff, 0x5) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0a00000001010000ff7f0000cc"], 0x48) 1.948198046s ago: executing program 8 (id=5077): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) write$UHID_INPUT(r1, &(0x7f0000001300)={0xc, {"a2e3ad214fc752f9502547f70e06d038e7ff7fc6e5539b3471078b089b3b083848090890e0878f0e1ac6e7049b3372959b669a240d5b67f3988f7e0319520100ffe8d178708c523c921b1b5b31360d095d0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4040d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8a92fd32d0ad7bc946813591ad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a4d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d606495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07840900000000000000f5c8f4ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18834dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b8dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c000003716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00fd104d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff752613d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443eab40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f22b625d64931cd4ffe6738dd7b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a23dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c848a605fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333aed0418c0b44412d041259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b611fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b45030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf475af3d3060eac38dcaea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47afed367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006) ioctl$GIO_CMAP(r1, 0x4b70, &(0x7f00000000c0)) 1.820662698s ago: executing program 8 (id=5080): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc) 1.782420731s ago: executing program 4 (id=5081): r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x10, 0x2000000, 0x2}}]}}]}, 0x44}}, 0x0) 1.695713144s ago: executing program 8 (id=5084): r0 = syz_open_dev$sndctrl(&(0x7f0000001ac0), 0x0, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r0, 0x40405514, &(0x7f0000000200)={0x9, 0x6, 0x3ff, 0x5, 'syz1\x00', 0xfffffffd}) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r1, 0xc1105511, &(0x7f0000000040)={0x9, 0x5, 0x40, 0x10000, 'syz1\x00', 0x4000000}) 1.618362943s ago: executing program 8 (id=5086): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x403, 0x6030, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x2}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000740)={0x0, 0x22, 0x5, {[@global=@item_4={0x3, 0x1, 0x3, "cb6b1617"}]}}, 0x0}, 0x0) 1.607083278s ago: executing program 4 (id=5087): syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000040)={@multicast1, @local, @loopback}, 0xc) getsockopt$inet_buf(r0, 0x0, 0x29, &(0x7f0000000040)=""/185, &(0x7f0000000100)=0xb9) 1.511822058s ago: executing program 4 (id=5089): getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000002240)) r0 = syz_usb_connect$uac1(0x0, 0xdc, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000000106b1d01ec2e00010203010902ca00030100700009040000000101"], 0x0) syz_usb_control_io(r0, &(0x7f0000001bc0)={0x2c, 0x0, &(0x7f0000000100)={0x0, 0x3, 0xc, @string={0xc, 0x3, "4333a282f9b079004b0e"}}, 0x0, 0x0, 0x0}, 0x0) write$FUSE_INIT(0xffffffffffffffff, &(0x7f00000024c0)={0x50, 0x0, 0x0, {0x7, 0x9, 0x3, 0x200, 0x4, 0x4, 0x1}}, 0x50) 1.22436041s ago: executing program 6 (id=5097): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x34, r0, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x9b4}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}, @NL80211_ATTR_CENTER_FREQ2={0x8}]]}, 0x34}, 0x1, 0x0, 0x0, 0x800}, 0x0) 1.155833188s ago: executing program 6 (id=5099): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000440)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010001000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="2a003300d0000000050000000100000011000000505050505050004004"], 0x48}, 0x1, 0x0, 0x0, 0xc0}, 0x0) 1.021220639s ago: executing program 6 (id=5102): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'sha512-avx\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$kcm(r1, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000240)="9966249a4d", 0x5}, {&(0x7f00000005c0)="40e7086d", 0x4}], 0x2}, 0x42) 956.018133ms ago: executing program 6 (id=5103): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x7, 0x10001, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8a10ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 871.962044ms ago: executing program 6 (id=5105): mount$bind(&(0x7f00000002c0)='.\x00', 0x0, 0x0, 0x101091, 0x0) r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000780), 0x40200, 0x0) mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xc) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000002c0)={0xc}) 776.698016ms ago: executing program 6 (id=5107): add_key(&(0x7f0000000000)='big_key\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r0, &(0x7f0000000000), 0xfffffecc) linkat(r0, &(0x7f0000000380)='./file0\x00', 0xffffffffffffffff, 0x0, 0x1000) 454.954545ms ago: executing program 5 (id=5114): ioctl$USBDEVFS_DISCONNECT_CLAIM(0xffffffffffffffff, 0x8108551b, &(0x7f0000000380)={0x0, 0x0, "5a77bd038786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500031681905db88235f8a5447dd2a2fd6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd500800000000000000e4a62fb73c33424b437bb192c9b06ea6ed04983fe5c5ca033dfce0a82577ef14eee5e6be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b394de70400d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca147df97db"}) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb") 315.679127ms ago: executing program 5 (id=5117): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000000c0)=0x90) ioctl$TCSETS(r0, 0x5402, &(0x7f0000000180)={0x7fffffff, 0x3, 0x2, 0xfffffffb, 0x54, "c7eded010000000000000000804000"}) ioctl$TIOCSSOFTCAR(r0, 0x541a, &(0x7f0000000080)=0x3) 311.629135ms ago: executing program 7 (id=5118): r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) write$binfmt_elf64(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="7f454c4600000000000000000000000003003e0000000000000000000000000040000000000000b01d5597cfab9c4600000000000000380005"], 0x40) close(r0) execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0) 251.727962ms ago: executing program 5 (id=5119): ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0) preadv2(r0, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x1, 0x0, 0x2, 0x9) 250.443215ms ago: executing program 7 (id=5120): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000080)={0x34, r2, 0x1, 0x70bd2c, 0x0, {{0x2}, {@val={0x8, 0x3, r1}, @void}}, [@chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x9b2}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x5}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x980}]]}, 0x34}, 0x1, 0x0, 0x0, 0x8001}, 0x0) 211.860305ms ago: executing program 5 (id=5121): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x103, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4048aecb, 0x0) 188.188901ms ago: executing program 7 (id=5122): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) socket$can_j1939(0x1d, 0x2, 0x7) listxattr(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) 147.935327ms ago: executing program 7 (id=5123): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x18, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000140)={0x8000, 0x1, 0x4}) r1 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x4, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f0000000340)={0x0, 0x2, 0x4, {0x1, @win={{}, 0x0, 0x6, 0x0, 0x0, 0x0}}}) 111.955439ms ago: executing program 7 (id=5124): r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000003240)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r0, 0xc05064a7, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000002c0)=[0x0], &(0x7f0000000340), 0x0, 0x1, 0x0, 0x0, r1}) ioctl$DRM_IOCTL_MODE_SETPROPERTY(r0, 0xc01064ab, &(0x7f0000000380)={0x0, r2, r1}) 80.727497ms ago: executing program 5 (id=5125): mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f00000001c0)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(&(0x7f0000000080)='./file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0) mount$tmpfs(0x0, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x84000, 0x0) 48.892732ms ago: executing program 5 (id=5126): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x44, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}]}, 0x44}}, 0x0) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x50, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8}]}]}, 0x50}}, 0x0) 0s ago: executing program 7 (id=5127): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000e80)={0x11, 0xf, &(0x7f0000000200)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x703283d8d4b5ce77}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ppoll(&(0x7f0000000900)=[{r0}], 0x1, &(0x7f0000000940)={0x77359400}, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000040)='hrtimer_init\x00', r1}, 0x10) kernel console output (not intermixed with test programs): ][ T8] usb 1-1: Manufacturer: syz [ 228.839077][ T8] usb 1-1: SerialNumber: syz [ 228.843432][T13456] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3265'. [ 228.853471][ T8] usb 1-1: config 0 descriptor?? [ 228.861429][T13430] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 228.879025][T13456] netlink: 68 bytes leftover after parsing attributes in process `syz.5.3265'. [ 229.137819][ T8] usb 1-1: USB disconnect, device number 25 [ 229.241066][T13483] ptrace attach of "./syz-executor exec"[12303] was attempted by "./syz-executor exec"[13483] [ 229.882170][T13520] netlink: 'syz.5.3296': attribute type 3 has an invalid length. [ 230.084777][T13532] bridge0: port 3(veth3) entered blocking state [ 230.093846][T13532] bridge0: port 3(veth3) entered disabled state [ 230.114148][T13532] veth3: entered allmulticast mode [ 230.124353][T13532] veth3: entered promiscuous mode [ 230.252659][T13538] bridge0: port 2(bridge_slave_1) entered disabled state [ 230.617977][ T5869] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 230.798195][ T5869] usb 1-1: Using ep0 maxpacket: 16 [ 230.806871][ T5869] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 230.828749][ T5869] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 230.847945][ T5869] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 230.857621][ T5869] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 230.889951][ T5869] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 230.904944][ T5869] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 230.914728][ T5869] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 230.923785][ T5869] usb 1-1: Manufacturer: syz [ 230.930002][ T5869] usb 1-1: config 0 descriptor?? [ 231.146827][ T29] kauditd_printk_skb: 5 callbacks suppressed [ 231.146842][ T29] audit: type=1400 audit(1739674263.467:857): avc: denied { unmount } for pid=5824 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfsd_fs_t tclass=filesystem permissive=1 [ 231.238021][ T5869] rc_core: IR keymap rc-hauppauge not found [ 231.243962][ T5869] Registered IR keymap rc-empty [ 231.257983][ T5869] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 231.283331][ T5869] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 231.288289][T13591] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 231.312861][ T5869] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 231.328628][ T5869] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input43 [ 231.352077][ T5869] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 231.362529][T13593] ax25_connect(): syz.5.3329 uses autobind, please contact jreuter@yaina.de [ 231.378053][ T5869] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 231.399094][ T5869] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 231.418004][ T5869] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 231.438187][ T5869] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 231.478057][ T5869] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 231.498011][ T5869] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 231.528342][ T5869] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 231.548061][ T5869] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 231.568010][ T5869] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 231.599339][ T5869] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 231.625149][ T5869] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 231.657048][ T5869] usb 1-1: USB disconnect, device number 26 [ 231.971721][T13622] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 232.423186][ T29] audit: type=1400 audit(1739674264.747:858): avc: denied { create } for pid=13643 comm="syz.5.3354" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 232.447480][ T29] audit: type=1400 audit(1739674264.747:859): avc: denied { read } for pid=13643 comm="syz.5.3354" name="file0" dev="tmpfs" ino=732 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 232.492727][T13645] IPVS: persistence engine module ip_vs_pe_m not found [ 232.500540][ T29] audit: type=1400 audit(1739674264.747:860): avc: denied { open } for pid=13643 comm="syz.5.3354" path="/141/file0" dev="tmpfs" ino=732 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 232.526672][ T29] audit: type=1400 audit(1739674264.747:861): avc: denied { ioctl } for pid=13643 comm="syz.5.3354" path="/141/file0" dev="tmpfs" ino=732 ioctlcmd=0x1285 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 232.550842][ C1] vkms_vblank_simulate: vblank timer overrun [ 232.558270][ T29] audit: type=1400 audit(1739674264.747:862): avc: denied { unlink } for pid=12303 comm="syz-executor" name="file0" dev="tmpfs" ino=732 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 232.580860][ C1] vkms_vblank_simulate: vblank timer overrun [ 232.648157][ T29] audit: type=1400 audit(1739674264.777:863): avc: denied { mounton } for pid=13642 comm="syz.3.3353" path="/726/file0" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1 [ 232.712407][ T29] audit: type=1400 audit(1739674264.777:864): avc: denied { remount } for pid=13642 comm="syz.3.3353" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 232.777829][ T29] audit: type=1400 audit(1739674264.907:865): avc: denied { unmount } for pid=5824 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 232.814611][T13661] openvswitch: netlink: nsh attribute has unmatched MD type 0. [ 232.831648][T13661] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 233.769928][ T29] audit: type=1400 audit(1739674266.097:866): avc: denied { create } for pid=13710 comm="syz.3.3387" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=blk_file permissive=1 [ 233.796106][T13713] mac80211_hwsim hwsim15 wlan1: entered promiscuous mode [ 233.821360][T13713] macsec1: entered promiscuous mode [ 233.965459][T13724] random: crng reseeded on system resumption [ 234.236969][T13734] __nla_validate_parse: 2 callbacks suppressed [ 234.236985][T13734] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3396'. [ 234.313588][T13736] lo speed is unknown, defaulting to 1000 [ 234.321055][T13736] lo speed is unknown, defaulting to 1000 [ 234.327138][T13736] lo speed is unknown, defaulting to 1000 [ 234.365060][T13736] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 234.412791][T13736] lo speed is unknown, defaulting to 1000 [ 234.425773][T13736] lo speed is unknown, defaulting to 1000 [ 234.451838][T13736] lo speed is unknown, defaulting to 1000 [ 234.458768][T13736] lo speed is unknown, defaulting to 1000 [ 234.465352][T13736] lo speed is unknown, defaulting to 1000 [ 234.833173][T13758] input: syz0 as /devices/virtual/input/input44 [ 235.883395][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 235.890582][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 236.273385][ T29] kauditd_printk_skb: 6 callbacks suppressed [ 236.273399][ T29] audit: type=1400 audit(1739674268.597:873): avc: denied { append } for pid=13846 comm="syz.5.3447" name="event3" dev="devtmpfs" ino=993 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 236.838570][T13881] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3460'. [ 236.956068][T13883] lo speed is unknown, defaulting to 1000 [ 237.733314][ T29] audit: type=1400 audit(1739674270.057:874): avc: denied { bind } for pid=13931 comm="syz.5.3484" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 237.789089][ T5869] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 237.949244][ T5869] usb 1-1: Using ep0 maxpacket: 32 [ 237.960162][ T5869] usb 1-1: config 0 has an invalid interface number: 184 but max is 0 [ 237.972651][ T5869] usb 1-1: config 0 has no interface number 0 [ 237.979842][ T5869] usb 1-1: config 0 interface 184 has no altsetting 0 [ 237.995355][ T5869] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 238.019255][ T5869] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 238.027644][ T29] audit: type=1400 audit(1739674270.347:875): avc: denied { create } for pid=13946 comm="syz.3.3491" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 238.047306][ T5869] usb 1-1: Product: syz [ 238.047324][ T5869] usb 1-1: Manufacturer: syz [ 238.047338][ T5869] usb 1-1: SerialNumber: syz [ 238.048947][ T5869] usb 1-1: config 0 descriptor?? [ 238.074166][ T5869] smsc75xx v1.0.0 [ 238.079530][T13949] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 238.086416][T13949] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 238.096440][ T29] audit: type=1400 audit(1739674270.377:876): avc: denied { setopt } for pid=13946 comm="syz.3.3491" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 238.146667][ T29] audit: type=1326 audit(1739674270.467:877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13950 comm="syz.3.3492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f03c7783da7 code=0x7ffc0000 [ 238.188537][ T29] audit: type=1326 audit(1739674270.467:878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13950 comm="syz.3.3492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f03c7728fb9 code=0x7ffc0000 [ 238.213306][ T29] audit: type=1326 audit(1739674270.467:879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13950 comm="syz.3.3492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03c778cde9 code=0x7ffc0000 [ 238.237646][ T29] audit: type=1326 audit(1739674270.467:880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13950 comm="syz.3.3492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f03c7783da7 code=0x7ffc0000 [ 238.263127][ T29] audit: type=1326 audit(1739674270.467:881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13950 comm="syz.3.3492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f03c7728fb9 code=0x7ffc0000 [ 238.287424][ T29] audit: type=1326 audit(1739674270.467:882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13950 comm="syz.3.3492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f03c7783da7 code=0x7ffc0000 [ 238.683625][ T5869] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 238.704477][ T5869] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 238.714927][ T5869] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind [ 238.728517][ T5869] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -71 [ 238.740058][ T5869] usb 1-1: USB disconnect, device number 27 [ 239.306410][T14000] syz.1.3516 (14000) used greatest stack depth: 19240 bytes left [ 239.419804][ T8] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 239.444471][T14010] IPVS: Scheduler module ip_vs_ not found [ 239.581471][ T8] usb 4-1: Using ep0 maxpacket: 16 [ 239.598171][ T8] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 239.619973][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 239.658147][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 239.667834][ T8] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 239.688154][ T8] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 239.708750][ T8] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 239.787941][ T8] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 239.795976][ T8] usb 4-1: Manufacturer: syz [ 239.809697][ T8] usb 4-1: config 0 descriptor?? [ 240.298043][ T5869] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 240.339043][ T8] rc_core: IR keymap rc-hauppauge not found [ 240.345010][ T8] Registered IR keymap rc-empty [ 240.361376][ T8] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 240.399673][ T8] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 240.419790][ T8] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 240.441702][T14039] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 240.441702][T14039] The task syz.1.3531 (14039) triggered the difference, watch for misbehavior. [ 240.444908][ T8] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input46 [ 240.481922][ T5869] usb 6-1: config 0 interface 0 has no altsetting 0 [ 240.502581][ T5869] usb 6-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 240.519827][ T8] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 240.523512][ T5869] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 240.557074][ T5869] usb 6-1: config 0 descriptor?? [ 240.557557][ T8] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 240.569232][T14045] input: syz1 as /devices/virtual/input/input47 [ 240.608012][ T8] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 240.631727][T14047] xt_hashlimit: size too large, truncated to 1048576 [ 240.642051][ T8] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 240.667950][ T8] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 240.708476][ T8] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 240.748511][ T8] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 240.770300][ T8] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 240.787959][ T8] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 240.808163][ T8] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 240.828855][ T8] mceusb 4-1:0.0: Registered with mce emulator interface version 1 [ 240.841322][ T8] mceusb 4-1:0.0: 2 tx ports (0x1 cabled) and 2 rx sensors (0x0 active) [ 240.859910][ T8] usb 4-1: USB disconnect, device number 25 [ 240.898358][T14055] netlink: 'syz.0.3539': attribute type 1 has an invalid length. [ 240.918236][T14055] netlink: 134708 bytes leftover after parsing attributes in process `syz.0.3539'. [ 240.991402][ T5869] hid-multitouch 0003:1FD2:6007.0024: item fetching failed at offset 2/5 [ 241.007427][ T5869] hid-multitouch 0003:1FD2:6007.0024: probe with driver hid-multitouch failed with error -22 [ 241.191517][ T45] usb 6-1: USB disconnect, device number 19 [ 241.410741][T14085] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3553'. [ 241.886500][T14104] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 242.121601][T14116] netlink: 'syz.0.3568': attribute type 9 has an invalid length. [ 242.238171][ T5868] usb 4-1: new full-speed USB device number 26 using dummy_hcd [ 242.400520][ T5868] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 242.418240][ T5868] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 242.439690][ T5868] usb 4-1: New USB device found, idVendor=060b, idProduct=700a, bcdDevice= 0.00 [ 242.458937][ T5868] usb 4-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 242.468147][ T5868] usb 4-1: Manufacturer: syz [ 242.479448][ T5868] usb 4-1: config 0 descriptor?? [ 242.665821][ T45] kernel write not supported for file /uinput (pid: 45 comm: kworker/1:1) [ 242.759931][ T29] kauditd_printk_skb: 20 callbacks suppressed [ 242.759944][ T29] audit: type=1400 audit(1739674275.087:903): avc: denied { unmount } for pid=5833 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 242.921523][ T5868] cougar 0003:060B:700A.0025: hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0 [ 243.012234][T14177] input: syz0 as /devices/virtual/input/input48 [ 243.012552][T14175] vlan4: entered promiscuous mode [ 243.026550][T14175] syz_tun: entered promiscuous mode [ 243.034176][T14175] vlan4: entered allmulticast mode [ 243.039871][T14175] syz_tun: entered allmulticast mode [ 243.047205][T14175] team0: Device vlan4 is up. Set it down before adding it as a team port [ 243.067146][T14175] syz_tun: left allmulticast mode [ 243.072330][T14175] syz_tun: left promiscuous mode [ 243.204705][ T5869] usb 4-1: USB disconnect, device number 26 [ 243.774650][T14202] netlink: 'syz.3.3607': attribute type 7 has an invalid length. [ 243.838703][T14206] netlink: 'syz.3.3609': attribute type 12 has an invalid length. [ 243.846686][T14206] netlink: 'syz.3.3609': attribute type 2 has an invalid length. [ 243.855095][T14206] netlink: 200 bytes leftover after parsing attributes in process `syz.3.3609'. [ 244.012209][ T29] audit: type=1400 audit(1739674276.337:904): avc: denied { write } for pid=14215 comm="syz.3.3614" name="random" dev="devtmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1 [ 244.356232][T14232] netlink: 'syz.0.3622': attribute type 1 has an invalid length. [ 244.364702][T14232] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3622'. [ 244.627993][ T45] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 244.788228][ T45] usb 4-1: Using ep0 maxpacket: 16 [ 244.801158][ T45] usb 4-1: New USB device found, idVendor=25c6, idProduct=9002, bcdDevice=62.ba [ 244.814961][T14251] mkiss: ax0: crc mode is auto. [ 244.819967][ T45] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 244.835050][ T45] usb 4-1: Product: syz [ 244.842012][ T45] usb 4-1: Manufacturer: syz [ 244.846691][ T45] usb 4-1: SerialNumber: syz [ 244.853270][ T45] usb 4-1: config 0 descriptor?? [ 245.070944][ T45] snd-usb-hiface 4-1:0.0: probe with driver snd-usb-hiface failed with error -22 [ 245.081504][ T45] usb 4-1: USB disconnect, device number 27 [ 245.449176][T14282] netlink: 'syz.5.3644': attribute type 4 has an invalid length. [ 245.846939][T14314] netlink: 'syz.0.3659': attribute type 11 has an invalid length. [ 246.292706][ T5868] kernel write not supported for file /sg0 (pid: 5868 comm: kworker/0:5) [ 246.780129][ T29] audit: type=1400 audit(1739674279.097:905): avc: denied { append } for pid=14355 comm="syz.3.3675" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 247.103405][T14373] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 247.556679][T14401] xt_hashlimit: size too large, truncated to 1048576 [ 247.569794][T14395] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3693'. [ 247.674681][T14409] veth1_vlan: left promiscuous mode [ 247.737566][T14407] lo speed is unknown, defaulting to 1000 [ 247.862153][T14416] netlink: 'syz.3.3700': attribute type 1 has an invalid length. [ 247.874439][T14416] netlink: 224 bytes leftover after parsing attributes in process `syz.3.3700'. [ 248.057278][ T29] audit: type=1400 audit(1739674280.377:906): avc: denied { connect } for pid=14424 comm="syz.0.3703" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 248.237017][ T29] audit: type=1400 audit(1739674280.557:907): avc: denied { lock } for pid=14436 comm="syz.3.3709" path="socket:[41580]" dev="sockfs" ino=41580 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1 [ 248.440895][T14452] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3716'. [ 248.450055][T14452] A link change request failed with some changes committed already. Interface macvlan0 may have been left with an inconsistent configuration, please check. [ 248.941924][ T8] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 249.101192][ T8] usb 6-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 249.111527][ T8] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 249.128148][ T8] usb 6-1: Product: syz [ 249.134847][ T8] usb 6-1: Manufacturer: syz [ 249.140338][ T8] usb 6-1: SerialNumber: syz [ 249.146557][ T8] usb 6-1: config 0 descriptor?? [ 249.358006][ T5870] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 249.366096][ T8] hso 6-1:0.0: Failed to find BULK IN ep [ 249.379204][ T8] usb-storage 6-1:0.0: USB Mass Storage device detected [ 249.514749][T14506] @: renamed from vlan0 (while UP) [ 249.521200][ T5870] usb 4-1: Using ep0 maxpacket: 32 [ 249.528698][ T5870] usb 4-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 249.539108][ T29] audit: type=1400 audit(1739674281.867:908): avc: denied { map } for pid=14505 comm="syz.0.3741" path="/proc/1892/net/vlan/vlan0" dev="proc" ino=4026533837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 249.541729][ T5870] usb 4-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 249.578780][ T8] usb 6-1: USB disconnect, device number 20 [ 249.585650][ T29] audit: type=1400 audit(1739674281.867:909): avc: denied { execute } for pid=14505 comm="syz.0.3741" path="/proc/1892/net/vlan/vlan0" dev="proc" ino=4026533837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 249.610299][ T5870] usb 4-1: config 0 interface 0 has no altsetting 0 [ 249.610336][ T5870] usb 4-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00 [ 249.610357][ T5870] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 249.611661][ T5870] usb 4-1: config 0 descriptor?? [ 249.843558][ T5870] usbhid 4-1:0.0: can't add hid device: -71 [ 249.852877][ T5870] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 249.865117][ T5870] usb 4-1: USB disconnect, device number 28 [ 250.202309][ T8] hid (null): unknown global tag 0xe [ 251.113653][T14558] veth1_to_hsr: default FDB implementation only supports local addresses [ 251.190635][ T8] hid-generic 0005:046D:0A0F.0026: unknown global tag 0xe [ 251.223593][ T8] hid-generic 0005:046D:0A0F.0026: item 0 2 1 14 parsing failed [ 251.248454][ T8] hid-generic 0005:046D:0A0F.0026: probe with driver hid-generic failed with error -22 [ 251.373902][ T29] audit: type=1326 audit(1739674283.687:910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14568 comm="syz.4.3769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcf138cde9 code=0x7ffc0000 [ 251.443608][ T29] audit: type=1326 audit(1739674283.687:911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14568 comm="syz.4.3769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcf138cde9 code=0x7ffc0000 [ 251.499874][ T29] audit: type=1326 audit(1739674283.737:912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14568 comm="syz.4.3769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdcf138cde9 code=0x7ffc0000 [ 251.565775][ T29] audit: type=1326 audit(1739674283.737:913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14568 comm="syz.4.3769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcf138cde9 code=0x7ffc0000 [ 251.637961][ T29] audit: type=1326 audit(1739674283.737:914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14568 comm="syz.4.3769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcf138cde9 code=0x7ffc0000 [ 251.696773][ T29] audit: type=1326 audit(1739674283.747:915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14568 comm="syz.4.3769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdcf138cde9 code=0x7ffc0000 [ 252.068597][T14592] macsec0: entered promiscuous mode [ 252.079060][T14591] macsec0: left promiscuous mode [ 252.188586][T14599] netlink: 80 bytes leftover after parsing attributes in process `syz.5.3783'. [ 253.242380][ T29] kauditd_printk_skb: 84 callbacks suppressed [ 253.242395][ T29] audit: type=1400 audit(1739674285.567:1000): avc: denied { execute } for pid=14655 comm="syz.1.3808" path="/dev/audio1" dev="devtmpfs" ino=1292 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sound_device_t tclass=chr_file permissive=1 [ 253.329667][T14664] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3812'. [ 253.367491][T14667] netlink: 2 bytes leftover after parsing attributes in process `syz.0.3810'. [ 253.437101][T14672] team0: Device lo is loopback device. Loopback devices can't be added as a team port [ 253.452100][T14672] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 253.497328][ T5868] lo speed is unknown, defaulting to 1000 [ 253.993361][T14706] bond0: option resend_igmp: invalid value (7540) [ 254.007957][T14706] bond0: option resend_igmp: allowed values 0 - 255 [ 254.050105][T14710] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3829'. [ 254.050530][T14708] ubi31: attaching mtd0 [ 254.069652][T14710] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3829'. [ 254.092490][ T29] audit: type=1400 audit(1739674286.417:1001): avc: denied { write } for pid=14711 comm="syz.3.3831" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 254.127799][T14708] ubi31: scanning is finished [ 254.137916][T14708] ubi31: empty MTD device detected [ 254.184046][ T29] audit: type=1400 audit(1739674286.417:1002): avc: denied { open } for pid=14711 comm="syz.3.3831" path="/dev/nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 254.316502][T14708] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 254.324212][T14708] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 254.332003][T14708] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 254.339127][T14708] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 254.346724][T14708] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 254.353700][T14708] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 254.373891][T14708] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1099292371 [ 254.397969][ T5870] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 254.407948][T14708] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 254.424870][T14725] ubi31: background thread "ubi_bgt31d" started, PID 14725 [ 254.570949][ T5870] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 254.600543][ T5870] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 254.619049][T14739] netlink: 'syz.5.3846': attribute type 1 has an invalid length. [ 254.624760][ T5870] usb 1-1: Product: syz [ 254.649031][ T5870] usb 1-1: Manufacturer: syz [ 254.653724][ T5870] usb 1-1: SerialNumber: syz [ 254.669777][ T5870] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 254.707742][ T5869] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 255.503610][T14785] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 255.517701][T14785] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 255.751130][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.759292][ T5869] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 255.766460][ T5869] ath9k_htc: Failed to initialize the device [ 255.807145][ T5869] usb 1-1: ath9k_htc: USB layer deinitialized [ 255.821885][ T5868] usb 1-1: USB disconnect, device number 28 [ 255.908196][ T8] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 256.068983][ T8] usb 4-1: Using ep0 maxpacket: 16 [ 256.084481][ T8] usb 4-1: config 0 has no interfaces? [ 256.094382][ T8] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 256.107935][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 256.121651][ T8] usb 4-1: Product: syz [ 256.125823][ T8] usb 4-1: Manufacturer: syz [ 256.138119][ T8] usb 4-1: SerialNumber: syz [ 256.144802][ T8] usb 4-1: config 0 descriptor?? [ 256.253435][T14823] input: syz0 as /devices/virtual/input/input49 [ 256.384628][ T5868] usb 4-1: USB disconnect, device number 29 [ 256.445986][ T29] audit: type=1326 audit(1739674288.767:1003): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14832 comm="syz.1.3896" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f915458cde9 code=0x0 [ 256.956984][T14850] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 257.387706][T14868] bio_check_eod: 2 callbacks suppressed [ 257.387722][T14868] syz.4.3902: attempt to access beyond end of device [ 257.387722][T14868] nbd4: rw=0, sector=64, nr_sectors = 1 limit=0 [ 257.419331][T14868] syz.4.3902: attempt to access beyond end of device [ 257.419331][T14868] nbd4: rw=0, sector=256, nr_sectors = 1 limit=0 [ 257.468001][T14868] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256 [ 257.517045][T14868] syz.4.3902: attempt to access beyond end of device [ 257.517045][T14868] nbd4: rw=0, sector=512, nr_sectors = 1 limit=0 [ 257.568167][T14868] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512 [ 257.583715][T14868] syz.4.3902: attempt to access beyond end of device [ 257.583715][T14868] nbd4: rw=0, sector=64, nr_sectors = 2 limit=0 [ 257.624508][T14882] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3909'. [ 257.630757][T14868] syz.4.3902: attempt to access beyond end of device [ 257.630757][T14868] nbd4: rw=0, sector=512, nr_sectors = 2 limit=0 [ 257.688070][T14868] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256 [ 257.708117][T14868] syz.4.3902: attempt to access beyond end of device [ 257.708117][T14868] nbd4: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 257.736340][T14868] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512 [ 257.763988][T14868] syz.4.3902: attempt to access beyond end of device [ 257.763988][T14868] nbd4: rw=0, sector=64, nr_sectors = 4 limit=0 [ 257.799450][T14868] syz.4.3902: attempt to access beyond end of device [ 257.799450][T14868] nbd4: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 257.834457][T14868] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256 [ 257.862993][T14868] syz.4.3902: attempt to access beyond end of device [ 257.862993][T14868] nbd4: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 257.883826][T14868] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512 [ 257.918592][T14868] syz.4.3902: attempt to access beyond end of device [ 257.918592][T14868] nbd4: rw=0, sector=64, nr_sectors = 8 limit=0 [ 257.972847][T14868] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256 [ 258.002447][T14868] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512 [ 258.013327][T14868] UDF-fs: warning (device nbd4): udf_fill_super: No partition found (1) [ 259.628174][ T5868] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 259.642477][T14967] overlayfs: failed to resolve 'fkill [ 259.642477][T14967] N': -2 [ 259.788154][ T5868] usb 1-1: Using ep0 maxpacket: 32 [ 259.798960][ T5868] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 259.824337][ T5868] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 259.839785][ T5868] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 259.851120][ T5868] usb 1-1: Product: syz [ 259.855330][ T5868] usb 1-1: Manufacturer: syz [ 259.861570][ T5868] usb 1-1: SerialNumber: syz [ 259.867828][ T5868] usb 1-1: config 0 descriptor?? [ 259.876934][T14956] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 260.126229][ T5868] usb 1-1: USB disconnect, device number 29 [ 260.330581][T14999] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3962'. [ 260.393379][T15003] trusted_key: encrypted key: instantiation of keys using provided decrypted data is disabled since CONFIG_USER_DECRYPTED_DATA is set to false [ 260.478705][T15010] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=256, location=256 [ 260.488528][T15010] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=512, location=512 [ 260.499699][T15010] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=256, location=256 [ 260.509926][T15010] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=512, location=512 [ 260.520942][T15010] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=256, location=256 [ 260.547248][T15010] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=512, location=512 [ 260.561282][T15010] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=256, location=256 [ 260.572104][T15010] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=512, location=512 [ 260.581735][T15010] UDF-fs: warning (device nbd5): udf_fill_super: No partition found (1) [ 260.694794][T15017] netlink: 87 bytes leftover after parsing attributes in process `syz.5.3970'. [ 260.781979][T15026] (unnamed net_device) (uninitialized): ARP target 9.0.0.0 is already present [ 260.791378][T15026] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (9) [ 261.001375][ T8] kernel read not supported for file /dsp (pid: 8 comm: kworker/0:0) [ 261.060164][T15038] batadv_slave_1: entered promiscuous mode [ 261.079805][T15037] batadv_slave_1: left promiscuous mode [ 261.147420][T15041] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 261.163096][T15041] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 261.184110][T15041] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 261.228170][T15041] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 261.248732][T15041] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 261.278184][T15041] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 261.298645][T15041] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 261.321300][T15041] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 261.357981][T15041] UDF-fs: warning (device nbd3): udf_fill_super: No partition found (1) [ 262.019876][T15087] openvswitch: netlink: nsh attribute has 4 unknown bytes. [ 262.047038][T15087] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 262.396801][T15107] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4011'. [ 262.462202][T15111] bio_check_eod: 26 callbacks suppressed [ 262.462217][T15111] syz.3.4013: attempt to access beyond end of device [ 262.462217][T15111] nbd3: rw=0, sector=64, nr_sectors = 1 limit=0 [ 262.482727][T15111] syz.3.4013: attempt to access beyond end of device [ 262.482727][T15111] nbd3: rw=0, sector=256, nr_sectors = 1 limit=0 [ 262.495793][T15111] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 262.506440][T15111] syz.3.4013: attempt to access beyond end of device [ 262.506440][T15111] nbd3: rw=0, sector=512, nr_sectors = 1 limit=0 [ 262.519917][T15111] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 262.529929][T15111] UDF-fs: warning (device nbd3): udf_load_vrs: No anchor found [ 262.539648][T15111] UDF-fs: Scanning with blocksize 512 failed [ 262.548372][T15111] syz.3.4013: attempt to access beyond end of device [ 262.548372][T15111] nbd3: rw=0, sector=64, nr_sectors = 2 limit=0 [ 262.562277][T15111] syz.3.4013: attempt to access beyond end of device [ 262.562277][T15111] nbd3: rw=0, sector=512, nr_sectors = 2 limit=0 [ 262.575385][T15111] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 262.585356][T15111] syz.3.4013: attempt to access beyond end of device [ 262.585356][T15111] nbd3: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 262.598549][T15111] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 262.608120][T15111] UDF-fs: warning (device nbd3): udf_load_vrs: No anchor found [ 262.615995][T15111] UDF-fs: Scanning with blocksize 1024 failed [ 262.622403][T15111] syz.3.4013: attempt to access beyond end of device [ 262.622403][T15111] nbd3: rw=0, sector=64, nr_sectors = 4 limit=0 [ 262.635368][T15111] syz.3.4013: attempt to access beyond end of device [ 262.635368][T15111] nbd3: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 262.648384][T15111] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 262.658409][T15111] syz.3.4013: attempt to access beyond end of device [ 262.658409][T15111] nbd3: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 262.671971][T15111] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 262.681633][T15111] UDF-fs: warning (device nbd3): udf_load_vrs: No anchor found [ 262.689261][T15111] UDF-fs: Scanning with blocksize 2048 failed [ 262.695589][T15111] syz.3.4013: attempt to access beyond end of device [ 262.695589][T15111] nbd3: rw=0, sector=64, nr_sectors = 8 limit=0 [ 262.708661][T15111] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 262.718246][T15111] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 262.727688][T15111] UDF-fs: warning (device nbd3): udf_load_vrs: No anchor found [ 262.735243][T15111] UDF-fs: Scanning with blocksize 4096 failed [ 262.741327][T15111] UDF-fs: warning (device nbd3): udf_fill_super: No partition found (1) [ 263.211857][T15135] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 263.318212][ T8] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 263.428278][ T5868] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 263.469537][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 263.480959][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 263.490855][ T8] usb 4-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 263.500107][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 263.510050][ T8] usb 4-1: config 0 descriptor?? [ 263.588204][ T5868] usb 6-1: Using ep0 maxpacket: 8 [ 263.595970][ T5868] usb 6-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=e2.f2 [ 263.605147][ T5868] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 263.616469][ T5868] usb 6-1: config 0 descriptor?? [ 264.129398][ T8] hid-led 0003:27B8:01ED.0027: probe with driver hid-led failed with error -71 [ 264.140719][ T8] usb 4-1: USB disconnect, device number 30 [ 264.174222][T15151] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4030'. [ 264.184059][T15151] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4030'. [ 264.240716][T15152] delete_channel: no stack [ 264.248235][ T29] audit: type=1400 audit(1739674296.567:1004): avc: denied { setopt } for pid=15152 comm="syz.0.4031" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 264.430700][ T5868] video4linux radio48: keene_cmd_main failed (-71) [ 264.437738][ T5868] radio-keene 6-1:0.0: V4L2 device registered as radio48 [ 264.445785][ T5868] usb 6-1: USB disconnect, device number 21 [ 264.743606][T15162] netlink: 136 bytes leftover after parsing attributes in process `syz.3.4035'. [ 264.758086][T15162] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 265.116757][T15177] sctp: [Deprecated]: syz.3.4042 (pid 15177) Use of struct sctp_assoc_value in delayed_ack socket option. [ 265.116757][T15177] Use struct sctp_sack_info instead [ 265.142679][ T29] audit: type=1400 audit(1739674297.467:1005): avc: denied { connect } for pid=15178 comm="syz.5.4043" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 265.338156][ T29] audit: type=1400 audit(1739674297.657:1006): avc: denied { mounton } for pid=15185 comm="syz.1.4046" path="/714/file0" dev="tmpfs" ino=3630 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 265.361279][ C0] vkms_vblank_simulate: vblank timer overrun [ 265.421970][ T29] audit: type=1400 audit(1739674297.747:1007): avc: denied { getopt } for pid=15190 comm="syz.0.4049" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 265.441525][ C0] vkms_vblank_simulate: vblank timer overrun [ 265.473572][T15194] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4050'. [ 265.534858][T15198] xt_hashlimit: size too large, truncated to 1048576 [ 265.644160][T15203] xt_CT: You must specify a L4 protocol and not use inversions on it [ 266.409556][T15214] hugetlbfs: syz.5.4057 (15214): Using mlock ulimits for SHM_HUGETLB is obsolete [ 266.518435][T15218] kernel profiling enabled (shift: 7) [ 266.740948][T15228] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4064'. [ 266.782526][ T29] audit: type=1326 audit(1739674299.097:1008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15229 comm="syz.5.4065" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa3a418cde9 code=0x0 [ 267.153864][ T5870] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 267.318060][ T5870] usb 4-1: Using ep0 maxpacket: 32 [ 267.330826][ T5870] usb 4-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config [ 267.341979][ T5870] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 267.355148][ T5870] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 267.364786][ T5870] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 267.373572][ T5870] usb 4-1: Product: syz [ 267.378087][ T5870] usb 4-1: Manufacturer: syz [ 267.386179][ T5870] usb 4-1: SerialNumber: syz [ 267.622584][ T5870] usb 4-1: unknown interface protocol 0xff, assuming v1 [ 267.637898][ T5870] usb 4-1: cannot find UAC_HEADER [ 267.670643][ T5870] snd-usb-audio 4-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 267.700206][T15277] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4083'. [ 267.709529][ T5870] usb 4-1: USB disconnect, device number 31 [ 268.276330][T15308] SELinux: security_context_str_to_sid (Eá…) failed with errno=-22 [ 268.317681][ T29] audit: type=1400 audit(1739674300.637:1009): avc: denied { mount } for pid=15307 comm="syz.3.4097" name="/" dev="rpc_pipefs" ino=44749 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1 [ 268.724250][T15340] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 268.925791][ T29] audit: type=1326 audit(1739674301.247:1010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15356 comm="syz.3.4120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03c778cde9 code=0x7ffc0000 [ 268.985266][ T29] audit: type=1326 audit(1739674301.247:1011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15356 comm="syz.3.4120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03c778cde9 code=0x7ffc0000 [ 269.043649][ T29] audit: type=1326 audit(1739674301.247:1012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15356 comm="syz.3.4120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f03c778cde9 code=0x7ffc0000 [ 269.113189][ T29] audit: type=1326 audit(1739674301.247:1013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15356 comm="syz.3.4120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03c778cde9 code=0x7ffc0000 [ 269.143373][T15362] netlink: 'syz.5.4122': attribute type 1 has an invalid length. [ 269.162045][ T5870] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 269.167967][T15362] netlink: 20 bytes leftover after parsing attributes in process `syz.5.4122'. [ 269.334339][ T5870] usb 1-1: New USB device found, idVendor=0582, idProduct=008d, bcdDevice=7a.ac [ 269.344858][ T5870] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 269.358691][ T5870] usb 1-1: Product: syz [ 269.362871][ T5870] usb 1-1: Manufacturer: syz [ 269.372899][ T5870] usb 1-1: SerialNumber: syz [ 269.379610][ T5870] usb 1-1: config 0 descriptor?? [ 269.393696][ T5870] usb 1-1: interface 1 not found [ 269.528085][ T5869] usb 6-1: new full-speed USB device number 22 using dummy_hcd [ 269.597982][ T5870] usb 1-1: USB disconnect, device number 30 [ 269.606838][T15380] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check. [ 269.714419][ T5869] usb 6-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43 [ 269.724810][ T5869] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 269.745340][ T5869] usb 6-1: config 0 descriptor?? [ 269.758437][ T5869] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 269.899623][T15384] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input51 [ 269.977320][ T5869] gp8psk: usb in 128 operation failed. [ 270.184512][ T5869] gp8psk: FW Version = 48.28.159 (0x301c9f) Build 2206/163/118 [ 270.385266][ T5869] gp8psk: usb in 149 operation failed. [ 270.393019][ T5869] gp8psk: failed to get FPGA version [ 270.414016][ T5869] gp8psk: usb in 138 operation failed. [ 270.429784][ T5869] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 270.451703][ T5869] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19) [ 270.477583][ T5869] usb 6-1: USB disconnect, device number 22 [ 270.852223][T15405] netlink: 56 bytes leftover after parsing attributes in process `syz.3.4141'. [ 270.868145][T15405] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4141'. [ 271.338658][T15427] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4152'. [ 271.590014][T15445] random: crng reseeded on system resumption [ 271.743351][T15450] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4161'. [ 271.762624][T15450] netlink: 72 bytes leftover after parsing attributes in process `syz.4.4161'. [ 271.778327][ T5868] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 271.792620][T15450] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4161'. [ 271.801926][T15450] netlink: 72 bytes leftover after parsing attributes in process `syz.4.4161'. [ 271.837214][T15452] netlink: 'syz.1.4162': attribute type 25 has an invalid length. [ 271.853912][T15452] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4162'. [ 271.937911][ T5868] usb 1-1: Using ep0 maxpacket: 16 [ 271.950054][T15458] ubi: mtd0 is already attached to ubi31 [ 271.957136][ T5868] usb 1-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 271.966985][ T5868] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 271.987367][ T5868] usb 1-1: Product: syz [ 271.992695][ T5868] usb 1-1: Manufacturer: syz [ 271.997517][ T5868] usb 1-1: SerialNumber: syz [ 272.031122][ T5868] usb 1-1: config 0 descriptor?? [ 272.059524][ T5868] visor 1-1:0.0: Sony Clie 3.5 converter detected [ 272.304708][ T29] kauditd_printk_skb: 6 callbacks suppressed [ 272.304722][ T29] audit: type=1400 audit(1739674304.627:1020): avc: denied { getopt } for pid=15472 comm="syz.5.4172" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 272.479369][T15481] netlink: 'syz.4.4176': attribute type 1 has an invalid length. [ 272.494367][ T5868] usb 1-1: Sony Clie 3.5 converter now attached to ttyUSB0 [ 272.505789][T15481] netlink: 224 bytes leftover after parsing attributes in process `syz.4.4176'. [ 272.693013][ T5870] usb 1-1: USB disconnect, device number 31 [ 272.705212][ T5870] clie_3.5 ttyUSB0: Sony Clie 3.5 converter now disconnected from ttyUSB0 [ 272.725547][ T5870] visor 1-1:0.0: device disconnected [ 273.086080][ T29] audit: type=1400 audit(1739674305.407:1021): avc: denied { watch } for pid=15518 comm="syz.5.4193" path="/317/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="tmpfs" ino=1629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 273.184756][ T29] audit: type=1400 audit(1739674305.407:1022): avc: denied { watch_sb watch_reads } for pid=15518 comm="syz.5.4193" path="/317/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="tmpfs" ino=1629 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 273.394154][ T29] audit: type=1400 audit(1739674305.717:1023): avc: denied { read } for pid=15534 comm="syz.1.4201" path="socket:[46264]" dev="sockfs" ino=46264 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 273.447969][ T29] audit: type=1326 audit(1739674305.747:1024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15488 comm="syz.4.4180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcf138cde9 code=0x7fc00000 [ 273.567999][ T5868] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 273.718081][ T5870] kernel read not supported for file /adsp1 (pid: 5870 comm: kworker/1:4) [ 273.719181][ T5868] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 273.758860][ T5868] usb 6-1: New USB device found, idVendor=04b4, idProduct=de64, bcdDevice= 0.00 [ 273.787918][ T5868] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 273.811494][ T5868] usb 6-1: config 0 descriptor?? [ 274.237190][T15563] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4212'. [ 274.244560][ T5868] cypress 0003:04B4:DE64.0028: item fetching failed at offset 5/7 [ 274.266047][ T5868] cypress 0003:04B4:DE64.0028: parse failed [ 274.281695][ T5868] cypress 0003:04B4:DE64.0028: probe with driver cypress failed with error -22 [ 274.391870][T15576] batadv_slave_1: entered promiscuous mode [ 274.405319][T15576] batadv_slave_1: left promiscuous mode [ 274.448576][ T5868] usb 6-1: USB disconnect, device number 23 [ 274.581560][T15591] netlink: 'syz.1.4226': attribute type 1 has an invalid length. [ 274.755610][T15600] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 274.958987][ T5870] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 274.995711][ T5869] lo speed is unknown, defaulting to 1000 [ 275.008991][T15615] input: syz0 as /devices/virtual/input/input52 [ 275.129745][ T5870] usb 4-1: unable to get BOS descriptor or descriptor too short [ 275.139158][ T5870] usb 4-1: config 1 interface 0 altsetting 5 bulk endpoint 0x82 has invalid maxpacket 1024 [ 275.149842][ T5870] usb 4-1: config 1 interface 0 altsetting 5 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 275.162908][ T5870] usb 4-1: config 1 interface 0 has no altsetting 0 [ 275.171284][ T5870] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 275.181847][ T5870] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 275.190340][ T5870] usb 4-1: Product: syz [ 275.195461][ T5870] usb 4-1: Manufacturer: syz [ 275.200198][ T5870] usb 4-1: SerialNumber: syz [ 275.207169][T15585] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 275.214743][T15585] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 275.280118][ T29] audit: type=1400 audit(1739674307.607:1025): avc: denied { ioctl } for pid=15622 comm="syz.0.4240" path="socket:[46045]" dev="sockfs" ino=46045 ioctlcmd=0x89e1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 275.306780][ T29] audit: type=1400 audit(1739674307.607:1026): avc: denied { create } for pid=15624 comm="syz.5.4241" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 275.327799][ T29] audit: type=1400 audit(1739674307.607:1027): avc: denied { setattr } for pid=15624 comm="syz.5.4241" name="file0" dev="tmpfs" ino=1660 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 275.399131][ T29] audit: type=1326 audit(1739674307.717:1028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15588 comm="syz.4.4225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcf138cde9 code=0x7fc00000 [ 275.431844][ T5870] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22 [ 275.443978][ T5870] usb 4-1: USB disconnect, device number 32 [ 276.015475][T15673] sp0: Synchronizing with TNC [ 276.196947][ T29] audit: type=1400 audit(1739674308.517:1029): avc: denied { mount } for pid=15681 comm="syz.3.4269" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 276.228452][ T5870] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 276.408063][ T5870] usb 1-1: Using ep0 maxpacket: 8 [ 276.416560][ T5870] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 276.424796][ T5870] usb 1-1: config 0 has no interface number 0 [ 276.433070][ T5870] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 276.444750][ T5870] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 276.454853][ T5870] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 276.467588][ T5870] usb 1-1: config 0 descriptor?? [ 276.479265][ T5870] iowarrior 1-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 276.608002][ T8] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 276.679725][ T5870] usb 1-1: USB disconnect, device number 32 [ 276.777990][ T8] usb 6-1: Using ep0 maxpacket: 32 [ 276.784778][ T8] usb 6-1: config 0 interface 0 has no altsetting 0 [ 276.806268][ T8] usb 6-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 276.825337][ T8] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 276.833671][ T8] usb 6-1: Product: syz [ 276.842014][ T8] usb 6-1: Manufacturer: syz [ 276.846767][ T8] usb 6-1: SerialNumber: syz [ 276.853658][ T8] usb 6-1: config 0 descriptor?? [ 277.028786][ T5898] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 277.177917][ T5898] usb 4-1: Using ep0 maxpacket: 32 [ 277.184294][ T5898] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 277.196069][ T5898] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 277.206438][ T5898] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00 [ 277.215643][ T5898] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 277.229373][ T5898] usb 4-1: config 0 descriptor?? [ 277.268320][ T8] gs_usb 6-1:0.0: Configuring for 1 interfaces [ 277.642111][ T5898] kone 0003:1E7D:2CED.0029: item fetching failed at offset 3/5 [ 277.650376][ T5898] kone 0003:1E7D:2CED.0029: parse failed [ 277.656046][ T5898] kone 0003:1E7D:2CED.0029: probe with driver kone failed with error -22 [ 277.675369][ T8] gs_usb 6-1:0.0: Couldn't get extended bit timing const for channel 0 (-EPROTO) [ 277.684947][ T8] gs_usb 6-1:0.0: probe with driver gs_usb failed with error -71 [ 277.696361][ T8] usb 6-1: USB disconnect, device number 24 [ 277.853013][ T5868] usb 4-1: USB disconnect, device number 33 [ 279.155006][T15755] lo speed is unknown, defaulting to 1000 [ 279.467941][ T45] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 279.628377][ T45] usb 6-1: Using ep0 maxpacket: 32 [ 279.639166][ T45] usb 6-1: config 0 has an invalid interface number: 215 but max is 0 [ 279.658083][ T45] usb 6-1: config 0 has no interface number 0 [ 279.669866][ T45] usb 6-1: New USB device found, idVendor=1608, idProduct=0301, bcdDevice=f1.24 [ 279.681383][ T45] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 279.700090][ T45] usb 6-1: Product: syz [ 279.709801][ T45] usb 6-1: Manufacturer: syz [ 279.718937][ T45] usb 6-1: SerialNumber: syz [ 279.732118][ T45] usb 6-1: config 0 descriptor?? [ 279.744096][ T45] io_ti 6-1:0.215: required endpoints missing [ 279.961945][ T45] usb 6-1: USB disconnect, device number 25 [ 280.268155][ T29] kauditd_printk_skb: 7 callbacks suppressed [ 280.268170][ T29] audit: type=1400 audit(1739674312.587:1037): avc: denied { read } for pid=15791 comm="syz.1.4318" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 280.869663][ T29] audit: type=1400 audit(1739674313.197:1038): avc: denied { watch watch_reads } for pid=15805 comm="syz.1.4325" path="/proc/1657/net/unix" dev="proc" ino=4026533164 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 281.862807][T15854] openvswitch: netlink: nsh attr 88 is out of range max 3 [ 281.882784][T15854] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 282.095122][T15865] (unnamed net_device) (uninitialized): (slave bond_slave_1): Device is not our slave [ 282.138001][T15865] (unnamed net_device) (uninitialized): option active_slave: invalid value (bond_slave_1) [ 282.252813][T15872] __nla_validate_parse: 2 callbacks suppressed [ 282.252837][T15872] netlink: 20 bytes leftover after parsing attributes in process `syz.5.4355'. [ 282.491769][ T29] audit: type=1400 audit(1739674314.817:1039): avc: denied { ioctl } for pid=15885 comm="syz.4.4362" path="/dev/fuse" dev="devtmpfs" ino=99 ioctlcmd=0xe500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 282.701780][T15896] 9pnet_virtio: no channels available for device syz [ 282.879868][ T29] audit: type=1400 audit(1739674315.207:1040): avc: denied { map } for pid=15899 comm="syz.0.4368" path="/dev/sg0" dev="devtmpfs" ino=728 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 282.934802][ T29] audit: type=1400 audit(1739674315.207:1041): avc: denied { execute } for pid=15899 comm="syz.0.4368" path="/dev/sg0" dev="devtmpfs" ino=728 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 283.390351][T15921] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4378'. [ 283.427802][T15921] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4378'. [ 283.453724][T15921] vlan2: entered allmulticast mode [ 283.494019][T15925] netlink: 'syz.0.4380': attribute type 3 has an invalid length. [ 283.532297][T15925] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4380'. [ 284.714719][T15978] GUP no longer grows the stack in syz.5.4405 (15978): 400000009000-40000000a000 (400000005000) [ 284.736126][T15978] CPU: 0 UID: 0 PID: 15978 Comm: syz.5.4405 Not tainted 6.14.0-rc2-syzkaller-00281-g496659003dac #0 [ 284.736154][T15978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 284.736165][T15978] Call Trace: [ 284.736170][T15978] [ 284.736177][T15978] dump_stack_lvl+0x16c/0x1f0 [ 284.736202][T15978] gup_vma_lookup+0x1d2/0x220 [ 284.736229][T15978] __get_user_pages+0x236/0x36f0 [ 284.736254][T15978] ? __pfx_rwsem_read_trylock+0x10/0x10 [ 284.736280][T15978] ? __gup_longterm_locked+0x124/0x1870 [ 284.736298][T15978] ? __gup_longterm_locked+0x124/0x1870 [ 284.736318][T15978] ? __pfx___get_user_pages+0x10/0x10 [ 284.736341][T15978] ? down_read_killable+0xcc/0x380 [ 284.736361][T15978] ? __pfx_down_read_killable+0x10/0x10 [ 284.736381][T15978] ? mark_lock+0xb5/0xc60 [ 284.736403][T15978] ? find_held_lock+0x2d/0x110 [ 284.736424][T15978] __gup_longterm_locked+0x212/0x1870 [ 284.736442][T15978] ? __pfx_lock_release+0x10/0x10 [ 284.736464][T15978] ? trace_lock_acquire+0x14e/0x1f0 [ 284.736488][T15978] ? __pfx___gup_longterm_locked+0x10/0x10 [ 284.736503][T15978] ? gup_fast_fallback+0x84c/0x2690 [ 284.736518][T15978] ? __pfx_lock_release+0x10/0x10 [ 284.736544][T15978] ? mark_held_locks+0x9f/0xe0 [ 284.736571][T15978] gup_fast_fallback+0x1802/0x2690 [ 284.736602][T15978] ? __pfx_gup_fast_fallback+0x10/0x10 [ 284.736624][T15978] ? hlock_class+0x4e/0x130 [ 284.736648][T15978] get_user_pages_fast+0xa8/0x100 [ 284.736665][T15978] ? __pfx_get_user_pages_fast+0x10/0x10 [ 284.736684][T15978] ? iov_iter_advance+0x1e3/0x6c0 [ 284.736716][T15978] __iov_iter_get_pages_alloc+0x8ed/0x2280 [ 284.736737][T15978] ? trace_contention_end+0xee/0x140 [ 284.736762][T15978] ? __mutex_lock+0x1cc/0xb10 [ 284.736781][T15978] ? __pfx___iov_iter_get_pages_alloc+0x10/0x10 [ 284.736805][T15978] ? pipe_lock+0x64/0x80 [ 284.736826][T15978] ? __pfx___mutex_lock+0x10/0x10 [ 284.736845][T15978] ? iovec_from_user.part.0+0x7e/0x130 [ 284.736880][T15978] iov_iter_get_pages2+0xa4/0x100 [ 284.736899][T15978] ? __pfx_iov_iter_get_pages2+0x10/0x10 [ 284.736917][T15978] ? wait_for_space+0x224/0x2d0 [ 284.736945][T15978] ? add_to_pipe+0x1c0/0x3c0 [ 284.736972][T15978] __do_sys_vmsplice+0xa13/0xef0 [ 284.737007][T15978] ? __pfx___do_sys_vmsplice+0x10/0x10 [ 284.737044][T15978] ? __pfx_futex_wait+0x10/0x10 [ 284.737077][T15978] ? lock_acquire.part.0+0x11b/0x380 [ 284.737101][T15978] ? find_held_lock+0x2d/0x110 [ 284.737147][T15978] ? rcu_is_watching+0x12/0xc0 [ 284.737173][T15978] ? do_syscall_64+0xcd/0x250 [ 284.737190][T15978] do_syscall_64+0xcd/0x250 [ 284.737211][T15978] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 284.737236][T15978] RIP: 0033:0x7fa3a418cde9 [ 284.737251][T15978] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 284.737267][T15978] RSP: 002b:00007fa3a5008038 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 284.737285][T15978] RAX: ffffffffffffffda RBX: 00007fa3a43a5fa0 RCX: 00007fa3a418cde9 [ 284.737296][T15978] RDX: 0000000000000002 RSI: 0000400000000280 RDI: 0000000000000004 [ 284.737306][T15978] RBP: 00007fa3a420e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 284.737316][T15978] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 284.737326][T15978] R13: 0000000000000000 R14: 00007fa3a43a5fa0 R15: 00007ffdb21ba308 [ 284.737350][T15978] [ 285.708970][T15994] overlayfs: missing 'workdir' [ 286.006847][T16010] netlink: 'syz.5.4419': attribute type 1 has an invalid length. [ 286.118819][T16014] sch_fq: defrate 511 ignored. [ 287.404391][ T29] audit: type=1400 audit(1739674319.724:1042): avc: denied { setopt } for pid=16042 comm="syz.0.4434" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 287.736879][T16060] kvm: kvm [16059]: vcpu0, guest rIP: 0xfff0 Unhandled RDMSR(0x40000015) [ 287.783690][T16062] netlink: 10 bytes leftover after parsing attributes in process `syz.0.4444'. [ 288.077044][T16076] netlink: 165 bytes leftover after parsing attributes in process `syz.0.4449'. [ 288.922194][T16106] trusted_key: encrypted_key: keyword 'load' not allowed when called from .update method [ 289.132041][T16119] tipc: Enabled bearer , priority 10 [ 289.225064][T16127] IPv6: Can't replace route, no match found [ 289.954832][T16171] netlink: 60 bytes leftover after parsing attributes in process `syz.4.4495'. [ 290.019171][ T5868] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 290.044289][T16173] vxcan3: entered allmulticast mode [ 290.150103][ T8] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 290.179925][ T5868] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 290.197876][ T5868] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 290.217937][ T5868] usb 1-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 290.227031][ T5868] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 290.259386][ T5868] usb 1-1: config 0 descriptor?? [ 290.317905][ T8] usb 6-1: Using ep0 maxpacket: 32 [ 290.324397][ T8] usb 6-1: config 0 interface 0 has no altsetting 0 [ 290.351152][ T8] usb 6-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 290.367941][ T8] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 290.376004][ T8] usb 6-1: Product: syz [ 290.398050][ T8] usb 6-1: Manufacturer: syz [ 290.402720][ T8] usb 6-1: SerialNumber: syz [ 290.419558][ T8] usb 6-1: config 0 descriptor?? [ 290.514872][T16185] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4502'. [ 290.530225][T16185] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4502'. [ 290.541825][T16185] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4502'. [ 290.683408][ T5868] cm6533_jd 0003:0D8C:0022.002A: unknown main item tag 0x0 [ 290.695579][ T5868] cm6533_jd 0003:0D8C:0022.002A: item fetching failed at offset 4/5 [ 290.718349][ T5868] cm6533_jd 0003:0D8C:0022.002A: parse failed [ 290.724553][ T5868] cm6533_jd 0003:0D8C:0022.002A: probe with driver cm6533_jd failed with error -22 [ 290.836347][ T8] gs_usb 6-1:0.0: Configuring for 1 interfaces [ 290.919319][ T5868] usb 1-1: USB disconnect, device number 33 [ 291.036908][ T8] gs_usb 6-1:0.0: Couldn't get bit timing const for channel 0 (-EPROTO) [ 291.045651][ T8] gs_usb 6-1:0.0: probe with driver gs_usb failed with error -71 [ 291.063430][ T8] usb 6-1: USB disconnect, device number 26 [ 291.857620][ T29] audit: type=1400 audit(1739674324.174:1043): avc: denied { write } for pid=16207 comm="syz.0.4513" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 292.196903][T16226] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4523'. [ 292.321274][T16234] rdma_op ffff8880616ba1f0 conn xmit_rdma 0000000000000000 [ 292.415906][T16237] sg_write: data in/out 1837/10 bytes for SCSI command 0xc7-- guessing data in; [ 292.415906][T16237] program syz.0.4527 not setting count and/or reply_len properly [ 292.738971][T16255] siw: device registration error -23 [ 293.340447][T16284] vxcan3: entered allmulticast mode [ 293.398556][T16287] netlink: 20 bytes leftover after parsing attributes in process `syz.5.4550'. [ 293.838699][ T29] audit: type=1400 audit(1739674326.154:1044): avc: denied { accept } for pid=16303 comm="syz.1.4557" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 294.483119][T11419] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 294.495119][T11419] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 294.514809][T11419] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 294.549720][T11419] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 294.567097][T11419] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 294.576412][T11419] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 294.614838][T16330] lo speed is unknown, defaulting to 1000 [ 294.736406][T16330] chnl_net:caif_netlink_parms(): no params data found [ 294.793927][T16353] ICMPv6: NA: fd:f9:a6:84:a5:1b advertised our address fe80::aa on syz_tun! [ 294.948796][ T11] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 295.040936][ T11] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 295.165134][ T11] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 295.206947][T16330] bridge0: port 1(bridge_slave_0) entered blocking state [ 295.235638][T16330] bridge0: port 1(bridge_slave_0) entered disabled state [ 295.243361][T16330] bridge_slave_0: entered allmulticast mode [ 295.255499][T16330] bridge_slave_0: entered promiscuous mode [ 295.286428][ T11] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 295.301275][T16330] bridge0: port 2(bridge_slave_1) entered blocking state [ 295.308637][T16330] bridge0: port 2(bridge_slave_1) entered disabled state [ 295.315828][T16330] bridge_slave_1: entered allmulticast mode [ 295.323283][T16330] bridge_slave_1: entered promiscuous mode [ 295.354052][T16330] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 295.368041][ T5898] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 295.371075][T16330] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 295.406796][T16384] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4591'. [ 295.408206][ T1554] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 295.439409][T16330] team0: Port device team_slave_0 added [ 295.448510][T16384] vlan0: entered allmulticast mode [ 295.453735][T16384] vlan1: entered allmulticast mode [ 295.458981][T16384] veth0_vlan: entered allmulticast mode [ 295.481840][T16330] team0: Port device team_slave_1 added [ 295.510505][T16330] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 295.517448][T16330] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 295.544192][T16330] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 295.553501][ T5898] usb 6-1: Using ep0 maxpacket: 8 [ 295.556447][T16330] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 295.567210][T16330] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 295.573297][ T5898] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 295.593993][T16330] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 295.608684][ T5898] usb 6-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 295.613023][ T1554] usb 1-1: Using ep0 maxpacket: 8 [ 295.628263][ T5898] usb 6-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 295.634203][ T1554] usb 1-1: config 0 interface 0 altsetting 13 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 295.636392][ T5898] usb 6-1: Product: syz [ 295.647612][ T1554] usb 1-1: config 0 interface 0 altsetting 13 endpoint 0x81 has invalid wMaxPacketSize 0 [ 295.651742][ T5898] usb 6-1: Manufacturer: syz [ 295.666199][ T5898] usb 6-1: SerialNumber: syz [ 295.668207][ T1554] usb 1-1: config 0 interface 0 has no altsetting 0 [ 295.672180][ T11] bridge_slave_1: left allmulticast mode [ 295.677478][ T1554] usb 1-1: New USB device found, idVendor=05ac, idProduct=029f, bcdDevice= 0.00 [ 295.688579][ T11] bridge_slave_1: left promiscuous mode [ 295.692350][ T1554] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 295.699391][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 295.714295][ T1554] usb 1-1: config 0 descriptor?? [ 295.720073][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 295.916195][ T5898] usb 6-1: Handspring Visor / Palm OS: No valid connect info available [ 295.925868][ T5898] usb 6-1: Handspring Visor / Palm OS: port 0, is for Generic use [ 295.945904][ T5898] usb 6-1: Handspring Visor / Palm OS: port 0, is for Generic use [ 295.953935][ T5898] usb 6-1: Handspring Visor / Palm OS: Number of ports: 2 [ 296.086443][ T11] bond0 (unregistering): left promiscuous mode [ 296.092756][ T11] bond_slave_0: left promiscuous mode [ 296.098504][ T11] bond_slave_1: left promiscuous mode [ 296.117055][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 296.117124][ T5898] visor 6-1:1.0: Handspring Visor / Palm OS converter detected [ 296.136130][ T1554] apple 0003:05AC:029F.002B: hidraw0: USB HID v0.00 Device [HID 05ac:029f] on usb-dummy_hcd.0-1/input0 [ 296.139092][ T5898] usb 6-1: Handspring Visor / Palm OS converter now attached to ttyUSB0 [ 296.156775][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 296.167713][ T5898] usb 6-1: Handspring Visor / Palm OS converter now attached to ttyUSB1 [ 296.177681][ T11] bond0 (unregistering): Released all slaves [ 296.207224][T16330] hsr_slave_0: entered promiscuous mode [ 296.217513][T16330] hsr_slave_1: entered promiscuous mode [ 296.225972][T16330] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 296.234334][T16330] Cannot create hsr debugfs directory [ 296.240064][ T11] tipc: Left network mode [ 296.362902][ T11] hsr_slave_0: left promiscuous mode [ 296.372920][ T11] hsr_slave_1: left promiscuous mode [ 296.384265][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 296.388494][ T1554] usb 6-1: USB disconnect, device number 27 [ 296.392682][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 296.405041][ T5868] usb 1-1: USB disconnect, device number 34 [ 296.411332][ T1554] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0 [ 296.411575][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 296.430529][ T1554] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1 [ 296.433736][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 296.441671][ T1554] visor 6-1:1.0: device disconnected [ 296.460640][ T11] veth1_macvtap: left promiscuous mode [ 296.466229][ T11] veth0_macvtap: left promiscuous mode [ 296.472328][ T11] veth0_vlan: left promiscuous mode [ 296.512026][ T11] pim6reg (unregistering): left allmulticast mode [ 296.628075][ T5822] Bluetooth: hci5: command tx timeout [ 296.900435][T16387] block nbd4: not configured, cannot reconfigure [ 297.228149][T16400] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 297.311776][ T5898] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 297.388783][T16396] lo speed is unknown, defaulting to 1000 [ 297.460732][T16330] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 297.483046][ T5898] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 297.497171][T16330] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 297.504573][ T5898] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 297.539118][ T5898] usb 1-1: New USB device found, idVendor=058f, idProduct=9410, bcdDevice= 0.00 [ 297.566695][ T5898] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 297.566698][T16330] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 297.569116][ T5898] usb 1-1: config 0 descriptor?? [ 297.594865][T16330] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 297.642764][T16408] batadv_slave_1: entered promiscuous mode [ 297.709517][T16408] batadv_slave_1: left promiscuous mode [ 297.778306][ T11] IPVS: stop unused estimator thread 0... [ 297.790368][T16330] 8021q: adding VLAN 0 to HW filter on device bond0 [ 297.833999][T16330] 8021q: adding VLAN 0 to HW filter on device team0 [ 297.892373][ T186] bridge0: port 1(bridge_slave_0) entered blocking state [ 297.899530][ T186] bridge0: port 1(bridge_slave_0) entered forwarding state [ 297.900651][ T29] audit: type=1326 audit(1739674330.224:1045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16414 comm="syz.5.4608" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3a418cde9 code=0x7ffc0000 [ 297.931717][T16415] syz.5.4608 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 297.942963][ T62] bridge0: port 2(bridge_slave_1) entered blocking state [ 297.950047][ T62] bridge0: port 2(bridge_slave_1) entered forwarding state [ 297.997885][ T29] audit: type=1326 audit(1739674330.254:1046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16414 comm="syz.5.4608" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3a418cde9 code=0x7ffc0000 [ 298.058006][ T29] audit: type=1326 audit(1739674330.254:1047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16414 comm="syz.5.4608" exe="/root/syz-executor" sig=0 arch=c000003e syscall=38 compat=0 ip=0x7fa3a418cde9 code=0x7ffc0000 [ 298.088506][ T5898] maltron 0003:058F:9410.002C: hidraw0: USB HID v0.00 Device [HID 058f:9410] on usb-dummy_hcd.0-1/input0 [ 298.106800][ T29] audit: type=1326 audit(1739674330.284:1048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16414 comm="syz.5.4608" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3a418cde9 code=0x7ffc0000 [ 298.242026][ T5898] usb 1-1: USB disconnect, device number 35 [ 298.275514][T16330] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 298.454564][T16330] veth0_vlan: entered promiscuous mode [ 298.465760][T16330] veth1_vlan: entered promiscuous mode [ 298.491590][T16330] veth0_macvtap: entered promiscuous mode [ 298.505597][T16330] veth1_macvtap: entered promiscuous mode [ 298.523489][T16330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 298.534125][T16330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 298.549808][T16330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 298.564102][T16330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 298.574624][T16330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 298.585528][T16330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 298.595810][T16330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 298.606947][T16330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 298.623482][T16330] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 298.636738][T16330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 298.651640][T16330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 298.662341][T16330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 298.673401][T16330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 298.683421][T16330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 298.694302][T16330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 298.708676][ T5822] Bluetooth: hci5: command tx timeout [ 298.717762][T16330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 298.731925][T16330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 298.744449][T16330] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 298.760604][T16330] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 298.773003][T16330] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 298.783584][T16330] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 298.796732][T16330] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 298.920613][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 298.943595][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 298.983233][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 298.992781][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 299.208099][ T5868] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 299.372542][ T5868] usb 6-1: Using ep0 maxpacket: 32 [ 299.398658][ T5868] usb 6-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 299.408778][ T5868] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 299.430990][T16445] lo speed is unknown, defaulting to 1000 [ 299.431304][ T5868] usb 6-1: config 0 descriptor?? [ 299.666733][ T5868] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 299.688169][ T5868] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 299.708253][ T5868] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 299.728039][ T5868] usb 6-1: media controller created [ 299.751760][ T5868] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 299.760472][T16448] batadv_slave_1: entered promiscuous mode [ 299.767723][T16448] batadv_slave_1: left promiscuous mode [ 300.293080][ T5868] az6027: usb out operation failed. (-71) [ 300.299397][ T5868] stb0899_attach: Driver disabled by Kconfig [ 300.305385][ T5868] az6027: no front-end attached [ 300.305385][ T5868] [ 300.341116][ T5868] az6027: usb out operation failed. (-71) [ 300.346884][ T5868] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 300.373658][ T5868] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input53 [ 300.400128][ T5868] dvb-usb: schedule remote query interval to 400 msecs. [ 300.407144][ T5868] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 300.448820][ T5868] usb 6-1: USB disconnect, device number 28 [ 300.509045][ T5868] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 300.788114][ T5822] Bluetooth: hci5: command tx timeout [ 300.851147][T16465] can0: slcan on ptm0. [ 300.908879][T16464] can0 (unregistered): slcan off ptm0. [ 301.729691][T16485] netlink: 48 bytes leftover after parsing attributes in process `syz.6.4635'. [ 301.789733][T16485] netlink: 48 bytes leftover after parsing attributes in process `syz.6.4635'. [ 302.336511][T16499] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4642'. [ 302.365243][T16499] netlink: 'syz.5.4642': attribute type 4 has an invalid length. [ 302.373947][T16501] 9pnet_virtio: no channels available for device syz [ 302.406958][T16499] netlink: 'syz.5.4642': attribute type 1 has an invalid length. [ 302.675104][T16511] netlink: 'syz.4.4645': attribute type 13 has an invalid length. [ 302.705655][T16511] gretap0: refused to change device tx_queue_len [ 302.738258][T16511] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 302.870841][ T5822] Bluetooth: hci5: command tx timeout [ 303.712493][ T29] audit: type=1400 audit(1739674336.024:1049): avc: denied { connect } for pid=16539 comm="syz.6.4659" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 303.732667][ C1] vkms_vblank_simulate: vblank timer overrun [ 304.524713][ T29] audit: type=1400 audit(1739674336.844:1050): avc: denied { read } for pid=16558 comm="syz.5.4668" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 305.276998][ T29] audit: type=1400 audit(1739674337.594:1051): avc: denied { bind } for pid=16585 comm="syz.4.4682" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 305.423477][T16592] nbd: nbd4 already in use [ 306.297986][ T5898] usb 6-1: new high-speed USB device number 29 using dummy_hcd [ 306.459140][ T5898] usb 6-1: Using ep0 maxpacket: 16 [ 306.476424][ T5898] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 306.493573][ T5898] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 306.517883][ T5898] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 306.542775][ T5898] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 306.568883][ T5898] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 306.598267][ T29] audit: type=1400 audit(1739674338.914:1052): avc: denied { write } for pid=16625 comm="syz.6.4700" path="socket:[51949]" dev="sockfs" ino=51949 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 306.614608][T16629] netlink: 56 bytes leftover after parsing attributes in process `syz.4.4701'. [ 306.648159][ T5898] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 306.657316][ T5898] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 306.657321][T16629] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4701'. [ 306.688102][ T5898] usb 6-1: Manufacturer: syz [ 306.698671][ T5898] usb 6-1: config 0 descriptor?? [ 306.930362][T16633] can0: slcan on ttyS3. [ 306.987916][ T5898] rc_core: IR keymap rc-hauppauge not found [ 306.994466][T16633] can0 (unregistered): slcan off ttyS3. [ 307.000563][ T5898] Registered IR keymap rc-empty [ 307.005489][ T5898] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 307.057955][ T5898] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 307.078825][ T5898] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0 [ 307.101691][ T5898] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input54 [ 307.139436][ T5898] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 307.162235][ T5898] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 307.208356][ T5898] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 307.238243][ T5898] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 307.258322][ T5898] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 307.297988][ T5898] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 307.348868][ T5898] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 307.379364][ T5898] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 307.438618][ T5898] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 307.490191][ T5898] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 307.549057][ T5898] mceusb 6-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 307.572404][ T5898] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 307.622216][ T5898] usb 6-1: USB disconnect, device number 29 [ 308.251201][ T29] audit: type=1326 audit(1739674340.574:1053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16674 comm="syz.4.4717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcf138cde9 code=0x7ffc0000 [ 308.274681][ C1] vkms_vblank_simulate: vblank timer overrun [ 308.337887][ T29] audit: type=1326 audit(1739674340.574:1054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16674 comm="syz.4.4717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcf138cde9 code=0x7ffc0000 [ 308.372129][ T29] audit: type=1326 audit(1739674340.624:1055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16674 comm="syz.4.4717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7fdcf138cde9 code=0x7ffc0000 [ 308.396999][T16680] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=16680 comm=syz.6.4718 [ 308.437166][ T29] audit: type=1326 audit(1739674340.624:1056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16674 comm="syz.4.4717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcf138cde9 code=0x7ffc0000 [ 308.460640][ C1] vkms_vblank_simulate: vblank timer overrun [ 308.541833][ T29] audit: type=1326 audit(1739674340.624:1057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16674 comm="syz.4.4717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcf138cde9 code=0x7ffc0000 [ 308.627261][ T29] audit: type=1326 audit(1739674340.624:1058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16674 comm="syz.4.4717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=67 compat=0 ip=0x7fdcf138cde9 code=0x7ffc0000 [ 310.038737][T16704] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 310.060450][T16704] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 310.366727][T16732] mac80211_hwsim hwsim16 wlan0: entered promiscuous mode [ 310.412888][T16732] macsec1: entered promiscuous mode [ 310.438078][T16732] macsec1: entered allmulticast mode [ 310.443422][T16732] mac80211_hwsim hwsim16 wlan0: entered allmulticast mode [ 310.838805][T16749] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4750'. [ 310.981124][ T29] kauditd_printk_skb: 2 callbacks suppressed [ 310.981139][ T29] audit: type=1400 audit(1739674343.304:1061): avc: denied { watch watch_reads } for pid=16754 comm="syz.5.4753" path="pipe:[53267]" dev="pipefs" ino=53267 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 311.150921][T16758] netlink: 20 bytes leftover after parsing attributes in process `syz.5.4755'. [ 311.548399][ T1554] usb 6-1: new high-speed USB device number 30 using dummy_hcd [ 311.709249][ T1554] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 311.735857][ T1554] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 311.774968][ T1554] usb 6-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 311.794685][ T1554] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 311.824202][ T1554] usb 6-1: config 0 descriptor?? [ 312.080150][T16792] MPI: mpi too large (187712 bits) [ 312.660990][ T1554] uclogic 0003:256C:006D.002D: failed retrieving Huion firmware version: -71 [ 312.687714][ T1554] uclogic 0003:256C:006D.002D: failed probing parameters: -71 [ 312.718651][ T1554] uclogic 0003:256C:006D.002D: probe with driver uclogic failed with error -71 [ 312.759581][ T1554] usb 6-1: USB disconnect, device number 30 [ 312.878668][T11419] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 312.892362][T11419] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 312.903011][T11419] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 312.924038][T11419] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 312.936938][T11419] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 312.955731][T11419] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 313.063534][T16813] lo speed is unknown, defaulting to 1000 [ 313.213092][ T11] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 313.257022][T16813] chnl_net:caif_netlink_parms(): no params data found [ 313.372927][ T11] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 313.377918][ T5898] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 313.499499][ T11] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 313.539338][T16813] bridge0: port 1(bridge_slave_0) entered blocking state [ 313.552041][T16813] bridge0: port 1(bridge_slave_0) entered disabled state [ 313.568148][ T5898] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 313.588004][T16813] bridge_slave_0: entered allmulticast mode [ 313.607969][ T5898] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 313.633150][T16813] bridge_slave_0: entered promiscuous mode [ 313.639196][ T5898] usb 7-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00 [ 313.651053][T16813] bridge0: port 2(bridge_slave_1) entered blocking state [ 313.668044][ T5898] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 313.673547][T16813] bridge0: port 2(bridge_slave_1) entered disabled state [ 313.685741][ T5898] usb 7-1: config 0 descriptor?? [ 313.694339][T16813] bridge_slave_1: entered allmulticast mode [ 313.709030][T16813] bridge_slave_1: entered promiscuous mode [ 313.747514][ T11] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 313.850444][T16813] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 313.901255][T16813] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 313.995575][T16813] team0: Port device team_slave_0 added [ 314.033887][T16813] team0: Port device team_slave_1 added [ 314.071659][T16813] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 314.091395][T16813] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 314.160130][ T5898] steelseries 0003:1038:12B6.002E: hidraw0: USB HID v0.00 Device [HID 1038:12b6] on usb-dummy_hcd.6-1/input0 [ 314.194078][T16813] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 314.299450][T16813] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 314.306458][T16813] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 314.386842][T16813] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 314.530140][ T11] veth3: left allmulticast mode [ 314.587368][ T11] veth3: left promiscuous mode [ 314.606286][ T11] bridge0: port 3(veth3) entered disabled state [ 314.614176][ T5869] usb 7-1: USB disconnect, device number 2 [ 314.622445][ T11] bridge_slave_1: left allmulticast mode [ 314.645691][ T11] bridge_slave_1: left promiscuous mode [ 314.662014][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 314.682106][ T11] bridge_slave_0: left allmulticast mode [ 314.687809][ T11] bridge_slave_0: left promiscuous mode [ 314.696047][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 314.813353][T11419] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 314.828450][T11419] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 314.837162][T11419] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 314.845929][T11419] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 314.853815][T11419] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 314.861182][T11419] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 314.939138][ T11] gretap0 (unregistering): left allmulticast mode [ 315.029563][T11419] Bluetooth: hci1: command tx timeout [ 315.124329][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 315.142004][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 315.153142][ T11] bond0 (unregistering): Released all slaves [ 315.169257][T16813] hsr_slave_0: entered promiscuous mode [ 315.175571][T16813] hsr_slave_1: entered promiscuous mode [ 315.286333][T16887] lo speed is unknown, defaulting to 1000 [ 315.426317][T16813] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 315.436586][T16813] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 315.448321][ T5904] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 315.465060][ T11] hsr_slave_0: left promiscuous mode [ 315.470851][ T11] hsr_slave_1: left promiscuous mode [ 315.476423][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 315.483934][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 315.491666][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 315.499474][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 315.513613][ T11] veth1_macvtap: left promiscuous mode [ 315.519751][ T11] veth0_macvtap: left promiscuous mode [ 315.525284][ T11] veth1_vlan: left promiscuous mode [ 315.530676][ T11] veth0_vlan: left promiscuous mode [ 315.608144][ T5904] usb 7-1: Using ep0 maxpacket: 16 [ 315.615837][ T5904] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xC6, changing to 0x86 [ 315.632583][ T5904] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0 [ 315.643005][ T5904] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x86 has invalid maxpacket 0 [ 315.656064][ T5904] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 315.666549][ T5904] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 315.681535][ T5904] usb 7-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=c2.87 [ 315.691085][ T5904] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 315.699806][ T5904] usb 7-1: Product: syz [ 315.704161][ T5904] usb 7-1: Manufacturer: syz [ 315.709036][ T5904] usb 7-1: SerialNumber: syz [ 315.722386][ T5904] usb 7-1: config 0 descriptor?? [ 315.732309][ T5904] port100 7-1:0.0: NFC: Could not get supported command types [ 315.951281][ T5904] usb 7-1: USB disconnect, device number 3 [ 315.982967][ T11] team0 (unregistering): Port device team_slave_1 removed [ 316.021838][ T11] team0 (unregistering): Port device team_slave_0 removed [ 316.361235][T16813] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 316.386272][ T5898] infiniband syz0: ib_query_port failed (-19) [ 316.399522][T16813] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 316.447632][T16887] chnl_net:caif_netlink_parms(): no params data found [ 316.660176][T16887] bridge0: port 1(bridge_slave_0) entered blocking state [ 316.693042][T16887] bridge0: port 1(bridge_slave_0) entered disabled state [ 316.705908][T16887] bridge_slave_0: entered allmulticast mode [ 316.739005][T16887] bridge_slave_0: entered promiscuous mode [ 316.767561][ T5898] hid-generic 0000:0003:0000.002F: unknown main item tag 0x0 [ 316.776711][T16813] 8021q: adding VLAN 0 to HW filter on device bond0 [ 316.777089][ T5898] hid-generic 0000:0003:0000.002F: unknown main item tag 0x0 [ 316.792475][ T5898] hid-generic 0000:0003:0000.002F: hidraw0: HID v0.00 Device [syz1] on syz1 [ 316.805191][T16813] 8021q: adding VLAN 0 to HW filter on device team0 [ 316.815591][T16887] bridge0: port 2(bridge_slave_1) entered blocking state [ 316.823892][T16887] bridge0: port 2(bridge_slave_1) entered disabled state [ 316.833732][T16887] bridge_slave_1: entered allmulticast mode [ 316.840615][T16887] bridge_slave_1: entered promiscuous mode [ 316.870327][T16857] bridge0: port 1(bridge_slave_0) entered blocking state [ 316.877466][T16857] bridge0: port 1(bridge_slave_0) entered forwarding state [ 316.924040][ T11] IPVS: stop unused estimator thread 0... [ 316.924073][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 316.936892][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 316.963244][T11419] Bluetooth: hci3: command tx timeout [ 316.983096][T16887] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 317.006347][T16887] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 317.055932][T16887] team0: Port device team_slave_0 added [ 317.080703][T16887] team0: Port device team_slave_1 added [ 317.108035][T11419] Bluetooth: hci1: command tx timeout [ 317.125438][ T29] audit: type=1326 audit(1739674349.444:1062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16929 comm="syz.6.4805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa57278cde9 code=0x7ffc0000 [ 317.127275][T16887] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 317.167007][T16887] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 317.190051][ T29] audit: type=1326 audit(1739674349.484:1063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16929 comm="syz.6.4805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa57278cde9 code=0x7ffc0000 [ 317.212685][T16887] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 317.219906][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.235725][ T29] audit: type=1326 audit(1739674349.484:1064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16929 comm="syz.6.4805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7fa57278cde9 code=0x7ffc0000 [ 317.259185][ C1] vkms_vblank_simulate: vblank timer overrun [ 317.266698][ T29] audit: type=1326 audit(1739674349.484:1065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16929 comm="syz.6.4805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa57278cde9 code=0x7ffc0000 [ 317.271759][T16813] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 317.290166][ C1] vkms_vblank_simulate: vblank timer overrun [ 317.313559][T16813] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 317.334163][T16887] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 317.342241][T16887] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 317.368203][ T29] audit: type=1326 audit(1739674349.484:1066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16929 comm="syz.6.4805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa57278cde9 code=0x7ffc0000 [ 317.368240][ T29] audit: type=1326 audit(1739674349.484:1067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16929 comm="syz.6.4805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa57278cde9 code=0x7ffc0000 [ 317.368268][ T29] audit: type=1326 audit(1739674349.484:1068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16929 comm="syz.6.4805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa57278cde9 code=0x7ffc0000 [ 317.368296][ T29] audit: type=1326 audit(1739674349.484:1069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16929 comm="syz.6.4805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa57278cde9 code=0x7ffc0000 [ 317.368324][ T29] audit: type=1326 audit(1739674349.484:1070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16929 comm="syz.6.4805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=233 compat=0 ip=0x7fa57278cde9 code=0x7ffc0000 [ 317.368352][ T29] audit: type=1326 audit(1739674349.484:1071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16929 comm="syz.6.4805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa57278cde9 code=0x7ffc0000 [ 317.532594][T16887] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 317.662672][ T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 317.686237][T16887] hsr_slave_0: entered promiscuous mode [ 317.698520][T16887] hsr_slave_1: entered promiscuous mode [ 317.710046][T16887] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 317.724904][T16887] Cannot create hsr debugfs directory [ 317.786935][ T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 317.843489][T16813] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 317.919558][ T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 318.087036][ T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 318.400299][ T11] bridge_slave_1: left promiscuous mode [ 318.405998][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 318.425156][ T11] bridge_slave_0: left allmulticast mode [ 318.432392][ T11] bridge_slave_0: left promiscuous mode [ 318.444184][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 318.925950][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 318.936301][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 318.950176][ T11] bond0 (unregistering): Released all slaves [ 318.961428][ T11] bond1 (unregistering): Released all slaves [ 318.971866][T16887] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 318.981876][T16887] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 319.013456][T16887] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 319.028109][T11419] Bluetooth: hci3: command tx timeout [ 319.088882][T16887] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 319.171033][ T11] mac80211_hwsim hwsim3 wlan1: left promiscuous mode [ 319.198951][T11419] Bluetooth: hci1: command tx timeout [ 319.291635][T16813] veth0_vlan: entered promiscuous mode [ 319.323277][T16813] veth1_vlan: entered promiscuous mode [ 319.503490][T16813] veth0_macvtap: entered promiscuous mode [ 319.526246][T16813] veth1_macvtap: entered promiscuous mode [ 319.546666][T16887] 8021q: adding VLAN 0 to HW filter on device bond0 [ 319.577737][ T11] hsr_slave_0: left promiscuous mode [ 319.589531][ T11] hsr_slave_1: left promiscuous mode [ 319.595268][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 319.628249][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 319.636099][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 319.649120][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 319.675363][ T11] veth1_macvtap: left promiscuous mode [ 319.685312][ T11] veth0_macvtap: left promiscuous mode [ 319.694125][ T11] veth1_vlan: left promiscuous mode [ 319.703683][ T11] veth0_vlan: left promiscuous mode [ 320.115564][ T11] team0 (unregistering): Port device team_slave_1 removed [ 320.152848][ T11] team0 (unregistering): Port device team_slave_0 removed [ 320.504285][T16813] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 320.515285][T16813] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 320.525411][T16813] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 320.547269][T16813] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 320.557346][T16813] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 320.568403][T16813] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 320.579799][T16813] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 320.594105][T16813] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 320.615575][T16813] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 320.625993][T16813] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 320.636892][T16813] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 320.646789][T16813] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 320.661888][T16813] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 320.674527][T16813] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 320.702331][T16813] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 320.711941][T16813] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 320.721164][T16813] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 320.730352][T16813] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 320.744871][T16887] 8021q: adding VLAN 0 to HW filter on device team0 [ 320.784029][ T1100] bridge0: port 1(bridge_slave_0) entered blocking state [ 320.791146][ T1100] bridge0: port 1(bridge_slave_0) entered forwarding state [ 320.810501][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 320.817601][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 320.894975][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 320.898345][ T5868] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 320.907954][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 320.941766][T16857] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 320.958767][T16857] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 320.987567][ T11] IPVS: stop unused estimator thread 0... [ 321.059412][ T5868] usb 7-1: Using ep0 maxpacket: 32 [ 321.070242][ T5868] usb 7-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 321.073897][T16887] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 321.095142][ T5868] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 321.108869][T11419] Bluetooth: hci3: command tx timeout [ 321.122544][ T5868] usb 7-1: config 0 descriptor?? [ 321.143806][ T5868] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 321.270016][T11419] Bluetooth: hci1: command tx timeout [ 321.275586][T16887] veth0_vlan: entered promiscuous mode [ 321.290178][T16887] veth1_vlan: entered promiscuous mode [ 321.315912][T16887] veth0_macvtap: entered promiscuous mode [ 321.327543][T16887] veth1_macvtap: entered promiscuous mode [ 321.337414][T17043] sit1: entered allmulticast mode [ 321.368051][T16887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 321.379473][T16887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 321.393678][T16887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 321.417959][T16887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 321.435081][T16887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 321.445915][T16887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 321.460186][T16887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 321.470908][T16887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 321.493232][T16887] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 321.511307][T16887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 321.524722][T16887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 321.535467][T16887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 321.546451][T16887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 321.560105][T16887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 321.574584][T16887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 321.584456][T16887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 321.595445][T16887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 321.606152][T16887] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 321.617347][T16887] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 321.626145][T16887] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 321.634957][T16887] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 321.644667][T16887] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 321.808486][ T1554] usb 7-1: USB disconnect, device number 4 [ 321.831818][T16869] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 321.855666][T16869] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 321.935506][T16835] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 321.951414][T16835] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 322.223188][T17080] netlink: 24 bytes leftover after parsing attributes in process `syz.7.4857'. [ 322.410949][T17086] @: renamed from vlan0 (while UP) [ 322.615871][T17096] netlink: 'syz.5.4865': attribute type 10 has an invalid length. [ 322.637223][T17096] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 322.999673][T17115] Process accounting resumed [ 323.184599][ T29] kauditd_printk_skb: 2 callbacks suppressed [ 323.184614][ T29] audit: type=1400 audit(1739674355.504:1074): avc: denied { bind } for pid=17128 comm="syz.5.4874" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 323.190963][T11419] Bluetooth: hci3: command tx timeout [ 323.211233][ C1] vkms_vblank_simulate: vblank timer overrun [ 325.211427][ T29] audit: type=1400 audit(1739674357.534:1075): avc: denied { ioctl } for pid=17232 comm="syz.4.4910" path="socket:[56017]" dev="sockfs" ino=56017 ioctlcmd=0x8922 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 325.236766][T17237] netlink: 4 bytes leftover after parsing attributes in process `syz.8.4912'. [ 325.376912][T17248] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 325.657996][ T5870] usb 7-1: new full-speed USB device number 5 using dummy_hcd [ 325.698358][ T5868] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 325.834134][ T5870] usb 7-1: config 0 has an invalid interface number: 133 but max is 0 [ 325.844197][ T5870] usb 7-1: config 0 has no interface number 0 [ 325.853996][ T5870] usb 7-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d [ 325.857911][ T5868] usb 9-1: Using ep0 maxpacket: 16 [ 325.863370][ T5870] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 325.873459][ T5868] usb 9-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 64, changing to 7 [ 325.876856][ T29] audit: type=1400 audit(1739674358.194:1076): avc: denied { getopt } for pid=17268 comm="syz.5.4924" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 325.891420][ T5868] usb 9-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 325.907915][ T5870] usb 7-1: Product: syz [ 325.921784][ T5870] usb 7-1: Manufacturer: syz [ 325.926778][ T5870] usb 7-1: SerialNumber: syz [ 325.933432][ T5870] usb 7-1: config 0 descriptor?? [ 325.948074][ T5868] usb 9-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 325.971803][ T5868] usb 9-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 325.984252][ T5868] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 325.992659][ T5868] usb 9-1: Product: syz [ 325.996841][ T5868] usb 9-1: Manufacturer: syz [ 326.004449][ T5868] usb 9-1: SerialNumber: syz [ 326.146051][ T1554] IPVS: starting estimator thread 0... [ 326.156139][ T5870] keyspan 7-1:0.133: Keyspan 1 port adapter converter detected [ 326.173093][ T5870] keyspan 7-1:0.133: found no endpoint descriptor for endpoint 81 [ 326.181854][ T5870] keyspan 7-1:0.133: found no endpoint descriptor for endpoint 1 [ 326.191365][ T5870] keyspan 7-1:0.133: found no endpoint descriptor for endpoint 2 [ 326.200953][ T5870] usb 7-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 326.236887][ T5868] usb 9-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 326.255328][T17278] IPVS: using max 38 ests per chain, 91200 per kthread [ 326.291965][ T5868] usb 9-1: USB disconnect, device number 2 [ 326.649062][ T5868] usb 7-1: USB disconnect, device number 5 [ 326.664475][ T5868] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 326.674598][ T5868] keyspan 7-1:0.133: device disconnected [ 326.692213][T17300] netlink: 76 bytes leftover after parsing attributes in process `syz.4.4939'. [ 327.066796][T17321] netlink: 4 bytes leftover after parsing attributes in process `syz.8.4944'. [ 327.857745][T17376] netlink: 20 bytes leftover after parsing attributes in process `syz.8.4960'. [ 327.921447][T17376] ipvlan2: entered promiscuous mode [ 328.228525][ T5898] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 329.127153][ T29] audit: type=1326 audit(1739674361.434:1077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17447 comm="syz.8.4987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2cb538cde9 code=0x7ffc0000 [ 329.207962][ T29] audit: type=1326 audit(1739674361.434:1078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17447 comm="syz.8.4987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2cb538cde9 code=0x7ffc0000 [ 329.283320][ T5869] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 329.318113][ T29] audit: type=1326 audit(1739674361.434:1079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17447 comm="syz.8.4987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2cb538cde9 code=0x7ffc0000 [ 329.376407][ T29] audit: type=1326 audit(1739674361.444:1080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17447 comm="syz.8.4987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2cb538cde9 code=0x7ffc0000 [ 329.400045][ T29] audit: type=1326 audit(1739674361.444:1081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17447 comm="syz.8.4987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2cb538cde9 code=0x7ffc0000 [ 329.424455][ T29] audit: type=1326 audit(1739674361.454:1082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17447 comm="syz.8.4987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2cb538cde9 code=0x7ffc0000 [ 329.449366][ T29] audit: type=1326 audit(1739674361.694:1083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17447 comm="syz.8.4987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2cb538cde9 code=0x7ffc0000 [ 329.485537][T17457] team0: Port device team_slave_1 removed [ 329.525627][ T29] audit: type=1326 audit(1739674361.694:1084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17447 comm="syz.8.4987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2cb538cde9 code=0x7ffc0000 [ 329.575564][ T29] audit: type=1326 audit(1739674361.794:1085): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17447 comm="syz.8.4987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=117 compat=0 ip=0x7f2cb538cde9 code=0x7ffc0000 [ 329.612700][ T29] audit: type=1326 audit(1739674361.794:1086): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17447 comm="syz.8.4987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2cb538cde9 code=0x7ffc0000 [ 329.990149][ T52] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 329.999593][ T5904] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 330.008589][ T5868] usb 9-1: new high-speed USB device number 3 using dummy_hcd [ 330.018099][ T5869] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 330.176758][T17484] sg_write: process 68 (syz.7.5003) changed security contexts after opening file descriptor, this is not allowed. [ 330.177621][ T5868] usb 9-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 330.202709][ T5868] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 330.222483][ T5868] usb 9-1: config 0 descriptor?? [ 330.229310][ T5868] cp210x 9-1:0.0: cp210x converter detected [ 330.309949][ T5869] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 330.589519][T17504] hsr0: entered promiscuous mode [ 330.843253][ T5868] cp210x 9-1:0.0: failed to get vendor val 0x000e size 678: -71 [ 330.851854][ T5868] cp210x 9-1:0.0: GPIO initialisation failed: -71 [ 330.871185][ T5868] usb 9-1: cp210x converter now attached to ttyUSB0 [ 330.880692][ T5868] usb 9-1: USB disconnect, device number 3 [ 330.890278][ T5868] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 330.898405][ T5868] cp210x 9-1:0.0: device disconnected [ 330.978041][ T5898] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 331.132110][ T5898] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 331.142411][ T5898] usb 7-1: New USB device found, idVendor=03da, idProduct=2820, bcdDevice=52.3c [ 331.151582][ T5898] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 331.161888][ T5898] usb 7-1: config 0 descriptor?? [ 331.167832][ T5898] usb 7-1: bad CDC descriptors [ 331.358962][ T5869] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 331.382370][ T5869] usb 7-1: USB disconnect, device number 6 [ 331.449510][T17526] batman_adv: batadv0: Adding interface: geneve2 [ 331.455974][T17526] batman_adv: batadv0: Not using interface geneve2 (retrying later): interface not active [ 331.507797][T17528] pim6reg: entered allmulticast mode [ 331.709472][T17538] macvlan0: entered allmulticast mode [ 331.714962][T17538] veth1_vlan: entered allmulticast mode [ 331.722658][T17538] pim6reg: left allmulticast mode [ 331.727798][T17538] macvlan0: left allmulticast mode [ 331.732958][T17538] veth1_vlan: left allmulticast mode [ 331.858682][ T5870] usb 9-1: new high-speed USB device number 4 using dummy_hcd [ 332.056209][ T5870] usb 9-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 332.067867][ T5870] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 332.087863][ T5870] usb 9-1: Product: syz [ 332.092039][ T5870] usb 9-1: Manufacturer: syz [ 332.096708][ T5870] usb 9-1: SerialNumber: syz [ 332.108248][ T5870] usb 9-1: config 0 descriptor?? [ 332.341712][ T5868] usb 9-1: USB disconnect, device number 4 [ 332.399084][ T5870] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 332.622804][T17580] input: syz0 as /devices/virtual/input/input55 [ 332.856622][T17589] Failed to get privilege flags for destination (handle=0x2:0x7) [ 332.909551][T17591] netlink: 20 bytes leftover after parsing attributes in process `syz.6.5052'. [ 333.118942][ T5868] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 333.428699][ T5898] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 333.502429][T17625] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 333.509709][T17625] IPv6: NLM_F_CREATE should be set when creating new route [ 333.628080][T17634] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5071'. [ 333.643384][T17636] netlink: 9275 bytes leftover after parsing attributes in process `syz.6.5073'. [ 333.660358][T17634] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5071'. [ 334.408324][ T5898] usb 9-1: new high-speed USB device number 5 using dummy_hcd [ 334.486744][ T5870] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 334.572002][T17688] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5098'. [ 334.581622][ T5898] usb 9-1: Using ep0 maxpacket: 32 [ 334.592756][ T5898] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 334.605706][ T5898] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 334.634187][ T5898] usb 9-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 334.654729][ T5898] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 334.669315][ T5898] usb 9-1: config 0 descriptor?? [ 335.091132][ T5898] ft260 0003:0403:6030.0030: item fetching failed at offset 0/2 [ 335.099492][ T5898] ft260 0003:0403:6030.0030: failed to parse HID [ 335.105951][ T5898] ft260 0003:0403:6030.0030: probe with driver ft260 failed with error -22 [ 335.344673][ T5868] usb 9-1: USB disconnect, device number 5 [ 335.509155][ T5898] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 335.733892][T14402] ------------[ cut here ]------------ [ 335.739677][T14402] refcount_t: underflow; use-after-free. [ 335.745513][T14402] WARNING: CPU: 1 PID: 14402 at lib/refcount.c:28 refcount_warn_saturate+0x14a/0x210 [ 335.754979][T14402] Modules linked in: [ 335.758862][T14402] CPU: 1 UID: 0 PID: 14402 Comm: kbnepd ÒÜ'ç‘ Not tainted 6.14.0-rc2-syzkaller-00281-g496659003dac #0 [ 335.770290][T14402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 335.781114][T14402] RIP: 0010:refcount_warn_saturate+0x14a/0x210 [ 335.787383][T14402] Code: ff 89 de e8 08 5b f5 fc 84 db 0f 85 66 ff ff ff e8 5b 60 f5 fc c6 05 17 5e 86 0b 01 90 48 c7 c7 c0 00 d3 8b e8 b7 99 b5 fc 90 <0f> 0b 90 90 e9 43 ff ff ff e8 38 60 f5 fc 0f b6 1d f2 5d 86 0b 31 [ 335.807016][T14402] RSP: 0018:ffffc9000d82f948 EFLAGS: 00010282 [ 335.813074][T14402] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817a1229 [ 335.821030][T14402] RDX: ffff888056a2a440 RSI: ffffffff817a1236 RDI: 0000000000000001 [ 335.829083][T14402] RBP: ffff888048ca4478 R08: 0000000000000001 R09: 0000000000000000 [ 335.837029][T14402] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88807c37f400 [ 335.845182][T14402] R13: ffff888048ca4478 R14: ffffffff85ebd860 R15: dffffc0000000000 [ 335.853169][T14402] FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 335.862092][T14402] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 335.868665][T14402] CR2: 00007f82f8d0bf98 CR3: 0000000034df8000 CR4: 00000000003526f0 [ 335.876806][T14402] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 335.885044][T14402] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 335.893083][T14402] Call Trace: [ 335.896474][T14402] [ 335.899408][T14402] ? __warn+0xea/0x3c0 [ 335.903466][T14402] ? __pfx_vprintk_emit+0x10/0x10 [ 335.908481][T14402] ? refcount_warn_saturate+0x14a/0x210 [ 335.914023][T14402] ? report_bug+0x3c0/0x580 [ 335.918514][T14402] ? handle_bug+0x54/0xa0 [ 335.922821][T14402] ? exc_invalid_op+0x17/0x50 [ 335.927487][T14402] ? asm_exc_invalid_op+0x1a/0x20 [ 335.932505][T14402] ? __pfx_klist_children_put+0x10/0x10 [ 335.938096][T14402] ? __warn_printk+0x199/0x350 [ 335.942839][T14402] ? __warn_printk+0x1a6/0x350 [ 335.947586][T14402] ? refcount_warn_saturate+0x14a/0x210 [ 335.953128][T14402] ? refcount_warn_saturate+0x149/0x210 [ 335.958696][T14402] klist_put+0x11b/0x1b0 [ 335.962960][T14402] device_del+0x1d9/0x9f0 [ 335.967279][T14402] ? lockdep_hardirqs_on+0x7c/0x110 [ 335.972483][T14402] ? __pfx_device_del+0x10/0x10 [ 335.977545][T14402] unregister_netdevice_many_notify+0x13aa/0x1f30 [ 335.984159][T14402] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 335.990965][T14402] ? trace_contention_end+0xee/0x140 [ 335.996247][T14402] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 336.001871][T14402] ? unregister_netdev+0x17/0x30 [ 336.006785][T14402] ? rcu_is_watching+0x12/0xc0 [ 336.011535][T14402] ? __pfx___mutex_lock+0x10/0x10 [ 336.016546][T14402] ? bnep_session+0x21ae/0x2ca0 [ 336.021391][T14402] unregister_netdevice_queue+0x307/0x3f0 [ 336.027087][T14402] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 336.033324][T14402] ? down_write+0x14e/0x200 [ 336.037871][T14402] ? __pfx_down_write+0x10/0x10 [ 336.042703][T14402] unregister_netdev+0x21/0x30 [ 336.047456][T14402] bnep_session+0x21b6/0x2ca0 [ 336.052128][T14402] ? __schedule+0x3c6a/0x5890 [ 336.056783][T14402] ? __pfx___lock_acquire+0x10/0x10 [ 336.061978][T14402] ? __pfx_bnep_session+0x10/0x10 [ 336.066981][T14402] ? __kthread_parkme+0xb7/0x220 [ 336.071913][T14402] ? __pfx_lock_release+0x10/0x10 [ 336.077146][T14402] ? __pfx_woken_wake_function+0x10/0x10 [ 336.083001][T14402] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 336.088873][T14402] ? lockdep_hardirqs_on+0x7c/0x110 [ 336.094052][T14402] ? __kthread_parkme+0x148/0x220 [ 336.099101][T14402] ? __pfx_bnep_session+0x10/0x10 [ 336.104105][T14402] kthread+0x3af/0x750 [ 336.108173][T14402] ? __pfx_kthread+0x10/0x10 [ 336.112751][T14402] ? __pfx_kthread+0x10/0x10 [ 336.117318][T14402] ret_from_fork+0x45/0x80 [ 336.121731][T14402] ? __pfx_kthread+0x10/0x10 [ 336.126296][T14402] ret_from_fork_asm+0x1a/0x30 [ 336.131052][T14402] [ 336.134056][T14402] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 336.141306][T14402] CPU: 1 UID: 0 PID: 14402 Comm: kbnepd ÒÜ'ç‘ Not tainted 6.14.0-rc2-syzkaller-00281-g496659003dac #0 [ 336.152465][T14402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 336.162503][T14402] Call Trace: [ 336.165763][T14402] [ 336.168668][T14402] dump_stack_lvl+0x3d/0x1f0 [ 336.173229][T14402] panic+0x71d/0x800 [ 336.177107][T14402] ? __pfx_panic+0x10/0x10 [ 336.181498][T14402] ? show_trace_log_lvl+0x29d/0x3d0 [ 336.186678][T14402] ? check_panic_on_warn+0x1f/0xb0 [ 336.191762][T14402] ? refcount_warn_saturate+0x14a/0x210 [ 336.197293][T14402] check_panic_on_warn+0xab/0xb0 [ 336.202201][T14402] __warn+0xf6/0x3c0 [ 336.206067][T14402] ? __pfx_vprintk_emit+0x10/0x10 [ 336.211157][T14402] ? refcount_warn_saturate+0x14a/0x210 [ 336.216677][T14402] report_bug+0x3c0/0x580 [ 336.220977][T14402] handle_bug+0x54/0xa0 [ 336.225104][T14402] exc_invalid_op+0x17/0x50 [ 336.229588][T14402] asm_exc_invalid_op+0x1a/0x20 [ 336.234416][T14402] RIP: 0010:refcount_warn_saturate+0x14a/0x210 [ 336.240546][T14402] Code: ff 89 de e8 08 5b f5 fc 84 db 0f 85 66 ff ff ff e8 5b 60 f5 fc c6 05 17 5e 86 0b 01 90 48 c7 c7 c0 00 d3 8b e8 b7 99 b5 fc 90 <0f> 0b 90 90 e9 43 ff ff ff e8 38 60 f5 fc 0f b6 1d f2 5d 86 0b 31 [ 336.260123][T14402] RSP: 0018:ffffc9000d82f948 EFLAGS: 00010282 [ 336.266159][T14402] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817a1229 [ 336.274100][T14402] RDX: ffff888056a2a440 RSI: ffffffff817a1236 RDI: 0000000000000001 [ 336.282042][T14402] RBP: ffff888048ca4478 R08: 0000000000000001 R09: 0000000000000000 [ 336.289985][T14402] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88807c37f400 [ 336.297933][T14402] R13: ffff888048ca4478 R14: ffffffff85ebd860 R15: dffffc0000000000 [ 336.305882][T14402] ? __pfx_klist_children_put+0x10/0x10 [ 336.311408][T14402] ? __warn_printk+0x199/0x350 [ 336.316165][T14402] ? __warn_printk+0x1a6/0x350 [ 336.320901][T14402] ? refcount_warn_saturate+0x149/0x210 [ 336.326423][T14402] klist_put+0x11b/0x1b0 [ 336.330639][T14402] device_del+0x1d9/0x9f0 [ 336.334949][T14402] ? lockdep_hardirqs_on+0x7c/0x110 [ 336.340124][T14402] ? __pfx_device_del+0x10/0x10 [ 336.344952][T14402] unregister_netdevice_many_notify+0x13aa/0x1f30 [ 336.351344][T14402] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 336.358080][T14402] ? trace_contention_end+0xee/0x140 [ 336.363340][T14402] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 336.368947][T14402] ? unregister_netdev+0x17/0x30 [ 336.373872][T14402] ? rcu_is_watching+0x12/0xc0 [ 336.378612][T14402] ? __pfx___mutex_lock+0x10/0x10 [ 336.383607][T14402] ? bnep_session+0x21ae/0x2ca0 [ 336.388443][T14402] unregister_netdevice_queue+0x307/0x3f0 [ 336.394137][T14402] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 336.400360][T14402] ? down_write+0x14e/0x200 [ 336.404842][T14402] ? __pfx_down_write+0x10/0x10 [ 336.409669][T14402] unregister_netdev+0x21/0x30 [ 336.414434][T14402] bnep_session+0x21b6/0x2ca0 [ 336.419089][T14402] ? __schedule+0x3c6a/0x5890 [ 336.423754][T14402] ? __pfx___lock_acquire+0x10/0x10 [ 336.428932][T14402] ? __pfx_bnep_session+0x10/0x10 [ 336.433932][T14402] ? __kthread_parkme+0xb7/0x220 [ 336.438841][T14402] ? __pfx_lock_release+0x10/0x10 [ 336.443851][T14402] ? __pfx_woken_wake_function+0x10/0x10 [ 336.449458][T14402] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 336.455254][T14402] ? lockdep_hardirqs_on+0x7c/0x110 [ 336.460427][T14402] ? __kthread_parkme+0x148/0x220 [ 336.465439][T14402] ? __pfx_bnep_session+0x10/0x10 [ 336.470451][T14402] kthread+0x3af/0x750 [ 336.474502][T14402] ? __pfx_kthread+0x10/0x10 [ 336.479071][T14402] ? __pfx_kthread+0x10/0x10 [ 336.483635][T14402] ret_from_fork+0x45/0x80 [ 336.488024][T14402] ? __pfx_kthread+0x10/0x10 [ 336.492588][T14402] ret_from_fork_asm+0x1a/0x30 [ 336.497330][T14402] [ 337.558001][T14402] Shutting down cpus with NMI [ 337.562922][T14402] Kernel Offset: disabled [ 337.567439][T14402] Rebooting in 86400 seconds..